Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

auth_hostok(3) [freebsd man page]

LOGIN_OK(3)						   BSD Library Functions Manual 					       LOGIN_OK(3)

NAME
auth_ttyok, auth_hostok, auth_timeok -- functions for checking login class based login restrictions LIBRARY
System Utilities Library (libutil, -lutil) SYNOPSIS
#include <sys/types.h> #include <time.h> #include <login_cap.h> int auth_ttyok(login_cap_t *lc, const char *tty); int auth_hostok(login_cap_t *lc, const char *host, char const *ip); int auth_timeok(login_cap_t *lc, time_t t); DESCRIPTION
This set of functions checks to see if login is allowed based on login class capability entries in the login database, login.conf(5). The auth_ttyok() function checks to see if the named tty is available to users of a specific class, and is either in the ttys.allow access list, and not in the ttys.deny access list. An empty ttys.allow list (or if no such capability exists for the given login class) logins via any tty device are allowed unless the ttys.deny list exists and is non-empty, and the device or its tty group (see ttys(5)) is not in the list. Access to ttys may be allowed or restricted specifically by tty device name, a device name which includes a wildcard (e.g. ttyD* or cuaD*), or may name a ttygroup, when group=<name> tags have been assigned in /etc/ttys. Matching of ttys and ttygroups is case sensitive. Passing a NULL or empty string as the tty parameter causes the function to return a non-zero value. The auth_hostok() function checks for any host restrictions for remote logins. The function checks on both a host name and IP address (given in its text form, typically n.n.n.n) against the host.allow and host.deny login class capabilities. As with ttys and their groups, wildcards and character classes may be used in the host allow and deny capability records. The fnmatch(3) function is used for matching, and the matching on hostnames is case insensitive. Note that this function expects that the hostname is fully expanded (i.e., the local domain name added if necessary) and the IP address is in its canonical form. No hostname or address lookups are attempted. It is possible to call this function with either the hostname or the IP address missing (i.e. NULL) and matching will be performed only on the basis of the parameter given. Passing NULL or empty strings in both parameters will result in a non-zero return value. The auth_timeok() function checks to see that a given time value is within the times.allow login class capability and not within the times.deny access lists. An empty or non-existent times.allow list allows access at any time, except if a given time is falls within a period in the times.deny list. The format of time period records contained in both times.allow and times.deny capability fields is explained in detail in the login_times(3) manual page. RETURN VALUES
A non-zero return value from any of these functions indicates that login access is granted. A zero return value means either that the item being tested is not in the allow access list, or is within the deny access list. SEE ALSO
getcap(3), login_cap(3), login_class(3), login_times(3), login.conf(5), termcap(5) BSD
January 2, 1997 BSD

Check Out this Related Man Page

AC(8)							    BSD System Manager's Manual 						     AC(8)

NAME
ac -- display connect time accounting SYNOPSIS
ac [-d | -p] [-t tty] [-w file] [users ...] DESCRIPTION
If the file /var/log/wtmp exists, a record of individual login and logout times are written to it by login(1) and init(8), respectively. The program ac examines these records and writes the accumulated connect time for all logins to the standard output. Options available: -d Display the connect times in 24 hour chunks. -p Display individual user totals. -t tty Only do accounting logins on certain ttys. The tty specification can start with '!' to indicate not this tty and end with '*' to indicate all similarly named ttys. Multiple -t flags may be specified. -w file Read raw connect time data from file instead of the default file /var/log/wtmp. users ... Display totals for the given individuals only. If no arguments are given, ac displays the total amount of login time for all active accounts on the system. The default wtmp file is an infinitely increasing file unless frequently truncated. This is normally done by the daily daemon scripts sched- uled by cron(8), which rename and rotate the wtmp files before truncating them (and keep about a week's worth on hand). No login times are collected, however, if the file does not exist. For example, ac -p -t "ttyd*" > modems ac -p -t "!ttyd*" > other allows times recorded in modems to be charged out at a different rate than other. The ac utility exits 0 on success, and >0 if a fatal error occurs. FILES
/var/log/wtmp connect time accounting file /var/log/wtmp.[0-7] rotated files SEE ALSO
login(1), utmp(5), init(8), sa(8) HISTORY
An ac command appeared in Version 6 AT&T UNIX. This version of ac was written for NetBSD 1.0 from the specification provided by various sys- tems' manual pages. BSD
April 19, 1994 BSD
Man Page