2 .\" Title: login.access
3 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
4 .\" Generator: DocBook XSL Stylesheets v1.75.1 <http://docbook.sf.net/>
6 .\" Manual: File Formats and Conversions
7 .\" Source: File Formats and Conversions
10 .TH "LOGIN\&.ACCESS" "5" "07/24/2009" "File Formats and Conversions" "File Formats and Conversions"
11 .\" -----------------------------------------------------------------
12 .\" * set default formatting
13 .\" -----------------------------------------------------------------
14 .\" disable hyphenation
16 .\" disable justification (adjust text to left margin only)
18 .\" -----------------------------------------------------------------
19 .\" * MAIN CONTENT STARTS HERE *
20 .\" -----------------------------------------------------------------
22 login.access \- login access control table
27 file specifies (user, host) combinations and/or (user, tty) combinations for which a login will be either accepted or refused\&.
29 When someone logs in, the
31 is scanned for the first entry that matches the (user, host) combination, or, in case of non\-networked logins, the first entry that matches the (user, tty) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&.
33 Each line of the login access control table has three fields separated by a ":" character:
36 \fIpermission\fR:\fIusers\fR:\fIorigins\fR
38 The first field should be a "\fI+\fR" (access granted) or "\fI\-\fR" (access denied) character\&. The second field should be a list of one or more login names, group names, or
40 (always matches)\&. The third field should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."),
44 (matches any string that does not contain a "\&." character)\&. If you run NIS you can use @netgroupname in host or user patterns\&.
48 operator makes it possible to write very compact rules\&.
50 The group file is searched only when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed: the program does not look at a user\'s primary group id value\&.
55 Shadow password suite configuration\&.