diff options
author | mpp <mpp@FreeBSD.org> | 1997-01-09 07:12:09 +0000 |
---|---|---|
committer | mpp <mpp@FreeBSD.org> | 1997-01-09 07:12:09 +0000 |
commit | ba7ed4138885061356e4de96511bc9455cd5d7af (patch) | |
tree | 490c5afea485c03441400a3475a76d9de8454d55 /lib/libutil/login_ok.3 | |
parent | 47927ebd5cd44202945572795b6c1ca15bbec17b (diff) | |
download | FreeBSD-src-ba7ed4138885061356e4de96511bc9455cd5d7af.zip FreeBSD-src-ba7ed4138885061356e4de96511bc9455cd5d7af.tar.gz |
Minor mdoc style fixes.
Diffstat (limited to 'lib/libutil/login_ok.3')
-rw-r--r-- | lib/libutil/login_ok.3 | 67 |
1 files changed, 48 insertions, 19 deletions
diff --git a/lib/libutil/login_ok.3 b/lib/libutil/login_ok.3 index c459d94..8c50825 100644 --- a/lib/libutil/login_ok.3 +++ b/lib/libutil/login_ok.3 @@ -17,7 +17,7 @@ .\" 5. Modifications may be freely made to this file providing the above .\" conditions are met. .\" -.\" $Id$ +.\" $Id: login_ok.3,v 1.1 1997/01/04 16:50:07 davidn Exp $ .\" .Dd January 2, 1997 .Os FreeBSD @@ -44,11 +44,19 @@ class capability entries in the login database, .Pp .Fn auth_ttyok checks to see if the named tty is available to users of a specific -class, and is either in the "ttys.allow" access list, and not in -the "ttys.deny" access list. -An empty "ttys.allowed" list (or if no such capability exists for +class, and is either in the +.Em ttys.allow +access list, and not in +the +.Em ttys.deny +access list. +An empty +.Em ttys.allow +list (or if no such capability exists for the give login class) logins via any tty device are allowed unless -the "ttys.deny" list exists and is non-empty, and the device or its +the +.Em ttys.deny +list exists and is non-empty, and the device or its tty group (see .Xr ttys 5 ) is not in the list. @@ -57,14 +65,19 @@ name, a device name which includes a wildcard (e.g. ttyD* or cuaD*), or may name a ttygroup, when group=<name> tags have been assigned in .Pa /etc/ttys . Matching of ttys and ttygroups is case sensitive. -Passing a NULL or empty string as the +Passing a +.Dv NULL +or empty string as the .Ar tty parameter causes the function to return a non-zero value. .Pp .Fn auth_hostok checks for any host restrictions for remote logins. The function checks on both a host name and IP address (given in its -text form, typically n.n.n.n) against the "host.allow" and "host.deny" +text form, typically n.n.n.n) against the +.Em host.allow +and +.Em host.deny login class capabilities. As with ttys and their groups, wildcards and character classes may be used in the host allow and deny capability records. @@ -78,32 +91,48 @@ is in its canonical form. No hostname or address lookups are attempted. .Pp It is possible to call this function with either the hostname or -the IP address missing (i.e. NULL) and matching will be performed +the IP address missing (i.e. +.Dv NULL ) +and matching will be performed only on the basis of the parameter given. -Passing NULL or empty strings in both parameters will result in +Passing +.Dv NULL +or empty strings in both parameters will result in a non-zero return value. .Pp The .Fn auth_timeok function checks to see that a given time value is within the -"times.allow" login class capability and not within the -"times.deny" access lists. -An empty or non-existent "times.allow" list allows access at any +.Em times.allow +login class capability and not within the +.Em times.deny +access lists. +An empty or non-existent +.Em times.allow +list allows access at any time, except if a given time is falls within a period in the -"times.deny" list. -The format of time period records contained in both "times.allow" -and "times.deny" capability fields is explained in detail in the +.Em times.deny +list. +The format of time period records contained in both +.Em times.allow +and +.Em times.deny +capability fields is explained in detail in the .Xr login_times 3 manual page. .Sh RETURN VALUES A non-zero return value from any of these functions indicates that login access is granted. A zero return value means either that the item being tested is not -in the "allow" access list, or is within the "deny" access list. +in the +.Em allow +access list, or is within the +.Em deny +access list. .Sh SEE ALSO -.Xr login.conf 5 , +.Xr getcap 3 , .Xr login_cap 3 , .Xr login_class 3 , .Xr login_times 3 , -.Xr termcap 5 , -.Xr getcap 3 +.Xr login.conf 5 , +.Xr termcap 5 |