Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

auth_hostok(3) [freebsd man page]

LOGIN_OK(3)						   BSD Library Functions Manual 					       LOGIN_OK(3)

NAME

     auth_ttyok, auth_hostok, auth_timeok -- functions for checking login class based login restrictions

LIBRARY

     System Utilities Library (libutil, -lutil)

SYNOPSIS

     #include <sys/types.h>
     #include <time.h>
     #include <login_cap.h>

     int
     auth_ttyok(login_cap_t *lc, const char *tty);

     int
     auth_hostok(login_cap_t *lc, const char *host, char const *ip);

     int
     auth_timeok(login_cap_t *lc, time_t t);

DESCRIPTION

     This set of functions checks to see if login is allowed based on login class capability entries in the login database, login.conf(5).

     The auth_ttyok() function checks to see if the named tty is available to users of a specific class, and is either in the ttys.allow access
     list, and not in the ttys.deny access list.  An empty ttys.allow list (or if no such capability exists for the given login class) logins via
     any tty device are allowed unless the ttys.deny list exists and is non-empty, and the device or its tty group (see ttys(5)) is not in the
     list.  Access to ttys may be allowed or restricted specifically by tty device name, a device name which includes a wildcard (e.g. ttyD* or
     cuaD*), or may name a ttygroup, when group=<name> tags have been assigned in /etc/ttys.  Matching of ttys and ttygroups is case sensitive.
     Passing a NULL or empty string as the tty parameter causes the function to return a non-zero value.

     The auth_hostok() function checks for any host restrictions for remote logins.  The function checks on both a host name and IP address (given
     in its text form, typically n.n.n.n) against the host.allow and host.deny login class capabilities.  As with ttys and their groups, wildcards
     and character classes may be used in the host allow and deny capability records.  The fnmatch(3) function is used for matching, and the
     matching on hostnames is case insensitive.  Note that this function expects that the hostname is fully expanded (i.e., the local domain name
     added if necessary) and the IP address is in its canonical form.  No hostname or address lookups are attempted.

     It is possible to call this function with either the hostname or the IP address missing (i.e. NULL) and matching will be performed only on
     the basis of the parameter given.	Passing NULL or empty strings in both parameters will result in a non-zero return value.

     The auth_timeok() function checks to see that a given time value is within the times.allow login class capability and not within the
     times.deny access lists.  An empty or non-existent times.allow list allows access at any time, except if a given time is falls within a
     period in the times.deny list.  The format of time period records contained in both times.allow and times.deny capability fields is explained
     in detail in the login_times(3) manual page.

RETURN VALUES

     A non-zero return value from any of these functions indicates that login access is granted.  A zero return value means either that the item
     being tested is not in the allow access list, or is within the deny access list.

SEE ALSO

     getcap(3), login_cap(3), login_class(3), login_times(3), login.conf(5), termcap(5)

BSD
								  January 2, 1997							       BSD

Check Out this Related Man Page

last(1) 						      General Commands Manual							   last(1)

NAME

       last, lastb - indicate last logins of users and ttys

SYNOPSIS

       file] [name ...] [tty ...]

       file] [name ...] [tty ...]

DESCRIPTION

       The command searches backwards through the file (which contains a record of all logins and logouts) for information about a user, a tty, or
       any group of users and ttys.  Arguments specify names of users or ttys of interest.  The names of ttys can be given fully  or  abbreviated.
       For example, is the same as If multiple arguments are given, the information that applies to any of the arguments is printed.  For example,
       lists all of sessions as well as all sessions on the console terminal.  The command prints the sessions of the specified  users	and  ttys,
       most  recent first, indicating when the session began, the duration of the session, and the tty on which the session took place.  indicates
       if the session is still in progress or if it was cut short by a reboot.

       The pseudo-user logs each time the system reboots.  Thus, is a useful command for evaluating the relative time between system reboots.

       If is interrupted, it indicates how far the search has progressed in If interrupted by a quit signal (generated by a Ctrl-), indicates how
       far the search has progressed, then continues the search.

       The  command  searches  backwards through the database file to display bad login information.  Access to should be restricted to users with
       appropriate privileges (owned by and readable only by because it may contain password information.

   Options
       The and commands recognize the following options and arguments:

	      (none)	If no arguments are specified, prints a record of all logins and logouts in reverse order, most recent first.

	      When used with
			and displays the user's host name as it is stored in the files and respectively.  The host name is displayed  between  the
			tty name and the user's login time.

	      Limits the report to
			number of lines.

	      Use	file as the name of the accounting file instead of or

	      Use	file as the name of the accounting database instead of This option should be used along with the option.

	      Display the fields in long format if this flag is used
			along with the flag.  Without the flag, normal output is displayed.

AUTHOR

       was developed by the University of California, Berkeley and HP.

FILES

       Bad login database
       Login database
       New login database
       New bad login database

SEE ALSO

       login(1), utmp(4), wtmps(4).

																	   last(1)
Man Page