1.\" 2.\" $FreeBSD: src/lib/libpam/modules/pam_login_access/login.access.5,v 1.13 2004/07/02 23:52:17 ru Exp $ 3.\" 4.\" this is comment 5.Dd April 30, 1994 6.Dt LOGIN.ACCESS 5 7.Os 8.Sh NAME 9.Nm login.access 10.Nd login access control table 11.Sh DESCRIPTION 12The 13.Nm 14file specifies (user, host) combinations and/or (user, tty) 15combinations for which a login will be either accepted or refused. 16.Pp 17When someone logs in, the 18.Nm 19is scanned for the first entry that 20matches the (user, host) combination, or, in case of non-networked 21logins, the first entry that matches the (user, tty) combination. 22The 23permissions field of that table entry determines whether the login will 24be accepted or refused. 25.Pp 26Each line of the login access control table has three fields separated by a 27.Ql \&: 28character: 29.Ar permission : Ns Ar users : Ns Ar origins 30.Pp 31The first field should be a "+" (access granted) or "-" (access denied) 32character. 33The second field should be a list of one or more login names, 34group names, or ALL (always matches). 35The third field should be a list 36of one or more tty names (for non-networked logins), host names, domain 37names (begin with "."), host addresses, internet network numbers (end 38with "."), ALL (always matches) or LOCAL (matches any string that does 39not contain a "." character). 40If you run NIS you can use @netgroupname 41in host or user patterns. 42.Pp 43The EXCEPT operator makes it possible to write very compact rules. 44.Pp 45The group file is searched only when a name does not match that of the 46logged-in user. 47Only groups are matched in which users are explicitly 48listed: the program does not look at a user's primary group id value. 49.Sh FILES 50.Bl -tag -width /etc/login.access -compact 51.It Pa /etc/login.access 52The 53.Nm 54file resides in 55.Pa /etc . 56.El 57.Sh SEE ALSO 58.Xr login 1 , 59.Xr pam 8 60.Sh AUTHORS 61.An Guido van Rooij 62