PAM_LOGIN_ACCESS(8)     FreeBSD System Manager's Manual    PAM_LOGIN_ACCESS(8)

NAME
     pam_login_access - login.access PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_login_access [options]

DESCRIPTION
     The login.access service module for PAM, pam_login_access provides
     functionality for only one PAM category: account management.  In terms of
     the module-type parameter, this is the "account" feature.

   Login.access Account Management Module
     The login.access account management component (pam_sm_acct_mgmt()),
     returns success if and only the user is allowed to login on the specified
     tty (in the case of a local login) or from the specified remote host (in
     the case of a remote login), according to the restrictions listed in
     login.access(5).

     accessfile=pathname      specifies a non-standard location for the
                              login.access configuration file (normally
                              located in /etc/login.access).

     nodefgroup               makes tokens not enclosed in parentheses only
                              match users, requiring groups to be specified in
                              parentheses.  Without nodefgroup user and group
                              names are intermingled, with user entries taking
                              precedence over group entries.  This is not
                              backwards compatible with legacy login.access
                              configuration files.  However this mitigates
                              confusion between users and groups of the same
                              name.

     fieldsep=separators      changes the field separator from the default
                              ":".  More than one separator may be specified.

     listsep=separators       changes the field separator from the default
                              space (''), tab (\t) and comma (,).  More than
                              one separator may be specified.  For example,
                              listsep=; will replace the default with a
                              semicolon (;).  This option may be useful when
                              specifying Active Directory groupnames which
                              typically contain spaces.

SEE ALSO
     pam(3), syslog(3), login.access(5), pam.conf(5)

AUTHORS
     The login.access(5) access control scheme was designed and implemented by
     Wietse Venema.

     The pam_login_access module and this manual page were developed for the
     FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research
     Division of Network Associates, Inc. under DARPA/SPAWAR contract
     N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.

FreeBSD 13.1-RELEASE-p6        January 30, 2020        FreeBSD 13.1-RELEASE-p6