1ae771770SStanislav Sedov.\" $Id$ 2bbd80c28SJacques Vidrine.\" 3bbd80c28SJacques Vidrine.Dd March 21, 2003 4bbd80c28SJacques Vidrine.Dt LOGIN.ACCESS 5 5bbd80c28SJacques Vidrine.Os HEIMDAL 6bbd80c28SJacques Vidrine.Sh NAME 7bbd80c28SJacques Vidrine.Nm login.access 8ae771770SStanislav Sedov.Nd login access control table 9bbd80c28SJacques Vidrine.Sh DESCRIPTION 10bbd80c28SJacques VidrineThe 11bbd80c28SJacques Vidrine.Nm login.access 12bbd80c28SJacques Vidrinefile specifies on which ttys or from which hosts certain users are 13bbd80c28SJacques Vidrineallowed to login. 14bbd80c28SJacques Vidrine.Pp 15bbd80c28SJacques VidrineAt login, the 16bbd80c28SJacques Vidrine.Pa /etc/login.access 17bbd80c28SJacques Vidrinefile is checked for the first entry that matches a specific user/host 18bbd80c28SJacques Vidrineor user/tty combination. That entry can either allow or deny login 19bbd80c28SJacques Vidrineaccess to that user. 20bbd80c28SJacques Vidrine.Pp 21bbd80c28SJacques VidrineEach entry have three fields separated by colon: 22bbd80c28SJacques Vidrine.Bl -bullet 23bbd80c28SJacques Vidrine.It 24bbd80c28SJacques VidrineThe first field indicates the permission given if the entry matches. 25bbd80c28SJacques VidrineIt can be either 26bbd80c28SJacques Vidrine.Dq + 27bbd80c28SJacques Vidrine(allow access) 28bbd80c28SJacques Vidrineor 29bbd80c28SJacques Vidrine.Dq - 30bbd80c28SJacques Vidrine(deny access) . 31bbd80c28SJacques Vidrine.It 32bbd80c28SJacques VidrineThe second field is a comma separated list of users or groups for 33bbd80c28SJacques Vidrinewhich the current entry applies. NIS netgroups can used (if 34*53d908d6SJens Schweikhardtconfigured) if preceded by @. The magic string ALL matches all users. 35bbd80c28SJacques VidrineA group will match if the user is a member of that group, or it is the 36bbd80c28SJacques Vidrineuser's primary group. 37bbd80c28SJacques Vidrine.It 38bbd80c28SJacques VidrineThe third field is a list of ttys, or network names. A network name 39bbd80c28SJacques Vidrinecan be either a hostname, a domain (indicated by a starting period), 40bbd80c28SJacques Vidrineor a netgroup. As with the user list, ALL matches anything. LOCAL 41bbd80c28SJacques Vidrinematches a string not containing a period. 42bbd80c28SJacques Vidrine.El 43bbd80c28SJacques Vidrine.Pp 44bbd80c28SJacques VidrineIf the string EXCEPT is found in either the user or from list, the 45bbd80c28SJacques Vidrinerest of the list are exceptions to the list before EXCEPT. 46bbd80c28SJacques Vidrine.Sh BUGS 47bbd80c28SJacques VidrineIf there's a user and a group with the same name, there is no way to 48bbd80c28SJacques Vidrinemake the group match if the user also matches. 49bbd80c28SJacques Vidrine.Sh SEE ALSO 50bbd80c28SJacques Vidrine.Xr login 1 51bbd80c28SJacques Vidrine.Sh AUTHORS 52bbd80c28SJacques VidrineThe 53bbd80c28SJacques Vidrine.Fn login_access 54bbd80c28SJacques Vidrinefunction was written by 55bbd80c28SJacques VidrineWietse Venema. This manual page was written for Heimdal. 56