Provided by: heimdal-docs_1.6~git20120311.dfsg.1-2_all bug


     login.access — login access control table


     The login.access file specifies on which ttys or from which hosts certain users are allowed
     to login.

     At login, the /etc/login.access file is checked for the first entry that matches a specific
     user/host or user/tty combination. That entry can either allow or deny login access to that

     Each entry have three fields separated by colon:

     ·   The first field indicates the permission given if the entry matches.  It can be either
         “+” (allow access) or “-” (deny access) .

     ·   The second field is a comma separated list of users or groups for which the current
         entry applies. NIS netgroups can used (if configured) if preceeded by @. The magic
         string ALL matches all users.  A group will match if the user is a member of that group,
         or it is the user's primary group.

     ·   The third field is a list of ttys, or network names. A network name can be either a
         hostname, a domain (indicated by a starting period), or a netgroup. As with the user
         list, ALL matches anything. LOCAL matches a string not containing a period.

     If the string EXCEPT is found in either the user or from list, the rest of the list are
     exceptions to the list before EXCEPT.


     If there's a user and a group with the same name, there is no way to make the group match if
     the user also matches.




     The login_access() function was written by Wietse Venema. This manual page was written for