Changeset View
Changeset View
Standalone View
Standalone View
lib/libpam/modules/pam_login_access/login.access.5
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd May 7, 2019 | .Dd January 30, 2020 | ||||
| .Dt LOGIN.ACCESS 5 | .Dt LOGIN.ACCESS 5 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm login.access | .Nm login.access | ||||
| .Nd login access control table | .Nd login access control table | ||||
| .Sh SYNOPSIS | |||||
| .Pa /etc/login.access | |||||
| .Sh DESCRIPTION | .Sh DESCRIPTION | ||||
| The | The | ||||
| .Nm | .Nm | ||||
| file specifies (user, host) combinations and/or (user, tty) | file specifies (user, host) combinations and/or (user, tty) | ||||
| combinations for which a login will be either accepted or refused. | combinations for which a login will be either accepted or refused. | ||||
| .Pp | .Pp | ||||
| When someone logs in, the | When someone logs in, the | ||||
| .Nm | .Nm | ||||
| is scanned for the first entry that | is scanned for the first entry that | ||||
| matches the (user, host) combination, or, in case of non-networked | matches the (user, host) combination, or, in case of non-networked | ||||
| logins, the first entry that matches the (user, tty) combination. | logins, the first entry that matches the (user, tty) combination. | ||||
| The | The | ||||
| permissions field of that table entry determines whether the login will | permissions field of that table entry determines whether the login will | ||||
| be accepted or refused. | be accepted or refused. | ||||
| .Pp | .Pp | ||||
| Each line of the login access control table has three fields separated by a | Each line of the login access control table has three fields separated by a | ||||
| .Ql \&: | .Ql \&: | ||||
| character: | character: | ||||
| .Ar permission : Ns Ar users : Ns Ar origins | .Ar permission : Ns Ar users : Ns Ar origins | ||||
| .Pp | .Pp | ||||
| The first field should be a "+" (access granted) or "-" (access denied) | The first field should be a "+" (access granted) or "-" (access denied) | ||||
| character. | character. | ||||
| .Pp | .Pp | ||||
| The second field should be a list of one or more login names, | The second field should be a list of one or more login names, | ||||
| group names, or ALL (always matches). | group names, or ALL (always matches). | ||||
| Group names must be enclosed in | |||||
| parentheses if the pam module specification for | |||||
| .Pa pam_login_access | |||||
| specifies the | |||||
| .Pa nodefgroup | |||||
| option. | |||||
| Otherwise, group names will only match if no usernames match. | |||||
bcr: You need to make a line break after a sentence stop in man pages. | |||||
Done Inline ActionsA comma after "Otherwise" might be helpful though it's debatable whether it's strictly needed for correctness. bjk: A comma after "Otherwise" might be helpful though it's debatable whether it's strictly needed… | |||||
Done Inline ActionsI don't think a comma is needed but I'll put one in there. cy: I don't think a comma is needed but I'll put one in there. | |||||
| .Pp | .Pp | ||||
| The third field should be a list | The third field should be a list | ||||
| of one or more tty names (for non-networked logins), host names, domain | of one or more tty names (for non-networked logins), host names, domain | ||||
| names (begin with "."), host addresses, internet network numbers (end | names (begin with "."), host addresses, internet network numbers (end | ||||
| with "."), ALL (always matches) or LOCAL (matches any string that does | with "."), ALL (always matches) or LOCAL (matches any string that does | ||||
| not contain a "." character). | not contain a "." character). | ||||
| If you run NIS you can use @netgroupname | If you run NIS you can use @netgroupname | ||||
| in host or user patterns. | in host or user patterns. | ||||
| Show All 17 Lines | |||||
You need to make a line break after a sentence stop in man pages.