IPnom Home • Manuals • FreeBSD

 FreeBSD Man Pages

Man Sections:Commands (1)System Calls (2)Library Functions (3)Device Drivers (4)File Formats (5)Miscellaneous (7)System Utilities (8)
Keyword Live Search (10 results max):
 Type in part of a command in the search box.
 


auth_timeok(3)

NAME

     auth_ttyok, auth_hostok, auth_timeok -- functions for checking login
     class based login restrictions


LIBRARY

     System Utilities Library (libutil, -lutil)


SYNOPSIS

     #include <sys/types.h>
     #include <time.h>
     #include <login_cap.h>

     int
     auth_ttyok(login_cap_t *lc, const char *tty);

     int
     auth_hostok(login_cap_t *lc, const char *host, char const *ip);

     int
     auth_timeok(login_cap_t *lc, time_t t);


DESCRIPTION

     This set of functions checks to see if login is allowed based on login
     class capability entries in the login database, login.conf(5).

     The auth_ttyok() function checks to see if the named tty is available to
     users of a specific class, and is either in the ttys.allow access list,
     and not in the ttys.deny access list.  An empty ttys.allow list (or if no
     such capability exists for the give login class) logins via any tty
     device are allowed unless the ttys.deny list exists and is non-empty, and
     the device or its tty group (see ttys(5)) is not in the list.  Access to
     ttys may be allowed or restricted specifically by tty device name, a
     device name which includes a wildcard (e.g. ttyD* or cuaD*), or may name
     a ttygroup, when group=<name> tags have been assigned in /etc/ttys.
     Matching of ttys and ttygroups is case sensitive.	Passing a NULL or
     empty string as the tty parameter causes the function to return a non-
     zero value.

     The auth_hostok() function checks for any host restrictions for remote
     logins.  The function checks on both a host name and IP address (given in
     its text form, typically n.n.n.n) against the host.allow and host.deny
     login class capabilities.	As with ttys and their groups, wildcards and
     character classes may be used in the host allow and deny capability
     records.  The fnmatch(3) function is used for matching, and the matching
     on hostnames is case insensitive.	Note that this function expects that
     the hostname is fully expanded (i.e., the local domain name added if nec-
     essary) and the IP address is in its canonical form.  No hostname or
     address lookups are attempted.

     It is possible to call this function with either the hostname or the IP
     address missing (i.e. NULL) and matching will be performed only on the
     basis of the parameter given.  Passing NULL or empty strings in both
     parameters will result in a non-zero return value.

     The auth_timeok() function checks to see that a given time value is
     within the times.allow login class capability and not within the
     times.deny access lists.  An empty or non-existent times.allow list
     tested is not in the allow access list, or is within the deny access
     list.


SEE ALSO

     getcap(3), login_cap(3), login_class(3), login_times(3), login.conf(5),
     termcap(5)

FreeBSD 5.4			January 2, 1997 		   FreeBSD 5.4

SPONSORED LINKS




Man(1) output converted with man2html , sed , awk