pam_login_access(8) manual page

The login.access account management component (pam_sm_acct_mgmt()), returns success if and only the user is allowed to login on the specified tty (in the case of a local login) or from the specified remote host (in the case of a remote login), according to the restrictions listed in login.access(5).

accessfile=pathname
	specifies a non-standard location for the `login.access` configuration file (normally located in `/etc/login.access`).
nodefgroup	makes tokens not enclosed in parentheses only match users, requiring groups to be specified in parentheses. Without nodefgroup user and group names are intermingled, with user entries taking precedence over group entries. This is not backwards compatible with legacy `login.access` configuration files. However this mitigates confusion between users and groups of the same name.
fieldsep=separators
	changes the field separator from the default ":". More than one separator may be specified.
listsep=separators	changes the field separator from the default space (''), tab (\t) and comma (,). More than one separator may be specified. For example, listsep=; will replace the default with a semicolon (;). This option may be useful when specifying Active Directory groupnames which typically contain spaces.

The login.access(5) access control scheme was designed and implemented by Wietse Venema.

The pam_login_access module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc.amp; under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

Manual Pages — PAM_LOGIN_ACCESS

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

Login.access Account Management Module

SEE ALSO

AUTHORS