Hello, I just discovered that xdm/gdm sets TTY to 'ho.st.na.me:0' what is hard nut for pam_access, because colon is field separator on access.conf file. Rather that modifying pam_acces to allow 'escape' colon character in hostname/displayname I propose (in the light of upcoming *cough* IPv6 addresses) to change separator to something different, for example to '|' Same step did some ircd packagers with ircd.conf, AFAIK. With the current setup: -:userxyz:ALL EXCEPT userxyz-machine.domain.com:0 user 'userxyz' logs to xdm from any computer on LAN, what is IMHO wrong. What do you think about it? Petr Kristof
