Provided by: passwd_4.0.13-7ubuntu3_i386 bug


       login.access - Login access control table


       The login.access file specifies (user, host) combinations and/or (user,
       tty) combinations for which a login will be either accepted or refused.

       When someone logs in, the login.access is scanned for the first entry
       that matches the (user, host) combination, or, in case of non-networked
       logins, the first entry that matches the (user, tty) combination. The
       permissions field of that table entry determines whether the login will
       be accepted or refused.

       Each line of the login access control table has three fields separated
       by a ":" character:

       permission:users: origins

       The first field should be a "+" (access granted) or "-" (access denied)
       character. The second field should be a list of one or more login
       names, group names, or ALL (always matches). The third field should be
       a list of one or more tty names (for non-networked logins), host names,
       domain names (begin with "."), host addresses, internet network numbers
       (end with "."), ALL (always matches) or LOCAL (matches any string that
       does not contain a "." character). If you run NIS you can use
       @netgroupname in host or user patterns.

       The EXCEPT operator makes it possible to write very compact rules.

       The group file is searched only when a name does not match that of the
       logged-in user. Only groups are matched in which users are explicitly
       listed: the program does not look at a user’s primary group id value.


              shadow password suite configuration




       Guido van Rooij

                                  10/01/2005                   LOGIN.ACCESS(5)