login.access revision 1519 
1# Login access control table.
2# 
3# When someone logs in, the table is scanned for the first entry that
4# matches the (user, host) combination, or, in case of non-networked
5# logins, the first entry that matches the (user, tty) combination.  The
6# permissions field of that table entry determines whether the login will 
7# be accepted or refused.
8# 
9# Format of the login access control table is three fields separated by a
10# ":" character:
11# 
12# 	permission : users : origins
13# 
14# The first field should be a "+" (access granted) or "-" (access denied)
15# character. The second field should be a list of one or more login names,
16# group names, or ALL (always matches).  The third field should be a list
17# of one or more tty names (for non-networked logins), host names, domain
18# names (begin with "."), host addresses, internet network numbers (end
19# with "."), ALL (always matches) or LOCAL (matches any string that does
20# not contain a "." character). If you run NIS you can use @netgroupname
21# in host or user patterns.
22#
23# The EXCEPT operator makes it possible to write very compact rules.
24#
25# The group file is searched only when a name does not match that of the
26# logged-in user. Only groups are matched in which users are explicitly
27# listed: the program does not look at a user's primary group id value.
28#
29##############################################################################
30# 
31# Disallow console logins to all but a few accounts.
32#
33#-:ALL EXCEPT wheel shutdown sync:console
34#
35# Disallow non-local logins to privileged accounts (group wheel).
36#
37#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
38#
39# Some accounts are not allowed to login from anywhere:
40#
41#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
42#
43# All other accounts are allowed to login from anywhere.
44#
45