Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PAM_LOGIN_ACCESS(8)	  BSD System Manager's Manual	   PAM_LOGIN_ACCESS(8)

     pam_login_access -- login.access PAM module

     [service-name] module-type	control-flag pam_login_access [options]

     The login.access service module for PAM, pam_login_access provides	func-
     tionality for only	one PAM	category: account management.  In terms	of the
     module-type parameter, this is the	"account" feature.

   Login.access	Account	Management Module
     The login.access account management component (pam_sm_acct_mgmt()), re-
     turns success if and only the user	is allowed to login on the specified
     tty (in the case of a local login)	or from	the specified remote host (in
     the case of a remote login), according to the restrictions	listed in

     accessfile=pathname  specifies a non-standard location for	the
			  login.access configuration file (normally located in

     nodefgroup		  makes	tokens not enclosed in parentheses only	match
			  users, requiring groups to be	specified in parenthe-
			  ses.	Without	nodefgroup user	and group names	are
			  intermingled,	with user entries taking precedence
			  over group entries.  This is not backwards compati-
			  ble with legacy login.access configuration files.
			  However this mitigates confusion between users and
			  groups of the	same name.

     fieldsep=separators  changes the field separator from the default ":".
			  More than one	separator may be specified.

     listsep=separators	  changes the field separator from the default space
			  (''),	tab (\t) and comma (,).	 More than one separa-
			  tor may be specified.	 For example, listsep=;	will
			  replace the default with a semicolon (;).  This op-
			  tion may be useful when specifying Active Directory
			  groupnames which typically contain spaces.

     pam(3), syslog(3),	login.access(5), pam.conf(5)

     The login.access(5) access	control	scheme was designed and	implemented by
     Wietse Venema.

     The pam_login_access module and this manual page were developed for the
     FreeBSD Project by	ThinkSec AS and	NAI Labs, the Security Research	Divi-
     sion of Network Associates, Inc. under DARPA/SPAWAR contract
     N66001-01-C-8035 ("CBOSS"), as part of the	DARPA CHATS research program.

BSD			       January 30, 2020				   BSD


Want to link to this manual page? Use this URL:

home | help