Changeset View
Changeset View
Standalone View
Standalone View
head/lib/libpam/modules/pam_login_access/login.access.5
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd January 27, 2020 | .Dd January 30, 2020 | ||||
.Dt LOGIN.ACCESS 5 | .Dt LOGIN.ACCESS 5 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm login.access | .Nm login.access | ||||
.Nd login access control table | .Nd login access control table | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Pa /etc/login.access | .Pa /etc/login.access | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
Show All 16 Lines | |||||
character: | character: | ||||
.Ar permission : Ns Ar users : Ns Ar origins | .Ar permission : Ns Ar users : Ns Ar origins | ||||
.Pp | .Pp | ||||
The first field should be a "+" (access granted) or "-" (access denied) | The first field should be a "+" (access granted) or "-" (access denied) | ||||
character. | character. | ||||
.Pp | .Pp | ||||
The second field should be a list of one or more login names, | The second field should be a list of one or more login names, | ||||
group names, or ALL (always matches). | group names, or ALL (always matches). | ||||
Group names must be enclosed in | |||||
parentheses if the pam module specification for | |||||
.Pa pam_login_access | |||||
specifies the | |||||
.Pa nodefgroup | |||||
option. | |||||
Otherwise, group names will only match if no usernames match. | |||||
.Pp | .Pp | ||||
The third field should be a list | The third field should be a list | ||||
of one or more tty names (for non-networked logins), host names, domain | of one or more tty names (for non-networked logins), host names, domain | ||||
names (begin with "."), host addresses, internet network numbers (end | names (begin with "."), host addresses, internet network numbers (end | ||||
with "."), ALL (always matches) or LOCAL (matches any string that does | with "."), ALL (always matches) or LOCAL (matches any string that does | ||||
not contain a "." character). | not contain a "." character). | ||||
If you run NIS you can use @netgroupname | If you run NIS you can use @netgroupname | ||||
in host or user patterns. | in host or user patterns. | ||||
Show All 17 Lines |