9 .Nd login access control table
15 file specifies (user, host) combinations and/or (user, tty)
16 combinations for which a login will be either accepted or refused.
18 When someone logs in, the
20 is scanned for the first entry that
21 matches the (user, host) combination, or, in case of non-networked
22 logins, the first entry that matches the (user, tty) combination.
24 permissions field of that table entry determines whether the login will
25 be accepted or refused.
27 Each line of the login access control table has three fields separated by a
30 .Ar permission : Ns Ar users : Ns Ar origins
32 The first field should be a "+" (access granted) or "-" (access denied)
35 The second field should be a list of one or more login names,
36 group names, or ALL (always matches).
37 Group names must be enclosed in
38 parentheses if the pam module specification for
43 Otherwise, group names will only match if no usernames match.
45 The third field should be a list
46 of one or more tty names (for non-networked logins), host names, domain
47 names (begin with "."), host addresses, internet network numbers (end
48 with "."), ALL (always matches) or LOCAL (matches any string that does
49 not contain a "." character).
50 If you run NIS you can use @netgroupname
51 in host or user patterns.
53 The EXCEPT operator makes it possible to write very compact rules.
55 The group file is searched only when a name does not match that of the
57 Only groups are matched in which users are explicitly
58 listed: the program does not look at a user's primary group id value.
60 .Bl -tag -width /etc/login.access -compact
61 .It Pa /etc/login.access
62 login access control table
66 .Xr pam_login_access 8
projects / FreeBSD / FreeBSD.git / blob