.\" $Id: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $
.\" 
.Dd March 21, 2003
.Dt LOGIN.ACCESS 5
.Os HEIMDAL
.Sh NAME
.Nm login.access
.Nd
login access control table
.Sh DESCRIPTION
The
.Nm login.access
file specifies on which ttys or from which hosts certain users are
allowed to login.
.Pp
At login, the
.Pa /etc/login.access 
file is checked for the first entry that matches a specific user/host
or user/tty combination. That entry can either allow or deny login
access to that user.
.Pp
Each entry have three fields separated by colon:
.Bl -bullet
.It
The first field indicates the permission given if the entry matches.
It can be either
.Dq +
(allow access)
or
.Dq -
(deny access) .
.It
The second field is a comma separated list of users or groups for
which the current entry applies. NIS netgroups can used (if
configured) if preceeded by @. The magic string ALL matches all users.
A group will match if the user is a member of that group, or it is the
user's primary group.
.It
The third field is a list of ttys, or network names. A network name
can be either a hostname, a domain (indicated by a starting period),
or a netgroup. As with the user list, ALL matches anything. LOCAL
matches a string not containing a period.
.El
.Pp
If the string EXCEPT is found in either the user or from list, the
rest of the list are exceptions to the list before EXCEPT.
.Sh BUGS
If there's a user and a group with the same name, there is no way to
make the group match if the user also matches.
.Sh SEE ALSO
.Xr login 1
.Sh AUTHORS
The
.Fn login_access
function was written by 
Wietse Venema. This manual page was written for Heimdal.