NAME

       login.access — login access control table

DESCRIPTION

       The login.access file specifies on which ttys or from which hosts certain users are allowed to login.

       At  login, the /etc/login.access file is checked for the first entry that matches a specific user/host or
       user/tty combination. That entry can either allow or deny login access to that user.

       Each entry have three fields separated by colon:

       •   The first field indicates the permission given if the entry matches.  It can  be  either  “+”  (allow
           access) or “-” (deny access) .

       •   The  second  field  is a comma separated list of users or groups for which the current entry applies.
           NIS netgroups can used (if configured) if preceded by @. The magic string ALL matches all  users.   A
           group will match if the user is a member of that group, or it is the user's primary group.

       •   The  third  field  is  a  list  of ttys, or network names. A network name can be either a hostname, a
           domain (indicated by a starting period), or a netgroup. As with the user list, ALL matches  anything.
           LOCAL matches a string not containing a period.

       If the string EXCEPT is found in either the user or from list, the rest of the list are exceptions to the
       list before EXCEPT.

BUGS

       If  there's  a  user  and a group with the same name, there is no way to make the group match if the user
       also matches.

SEE ALSO

       login(1)

AUTHORS

       The login_access() function was written by Wietse Venema. This manual page was written for Heimdal.

HEIMDAL                                          March 21, 2003                                  LOGIN.ACCESS(5)