/*
Arthur Hagen <art@flying.broomstick.com>             at Broomstick Net Services
> could someone please tell me what to edit to allow this measure to take
> effect (/etc/default/login didn't seem to have the stuff i need) or what
> sort of trickery to mess with this option [1].

There's no fool-proof way of doing this, but /etc/default/login is indeed
the place to look.
Here, you can set the SITECHECK= to point to a program that will check
which users are allowed to login from which sites.
I have a tiny program here that checks /etc/loginusers (which just like
/etc/ftpusers contains a list of those who aren't allowed access) and
allows/denies remote logins based on this list.
You can find the source to this tiny program at
<URL:ftp://ftp.broomstick.com/pub/sgi/sitecheck.c>
*/

#include <stdio.h>
#include <malloc.h>

int main(int argc, char *argv[]) {
    char	*username,
		*hostname,
		*rusername;
    int		retval = 3;

    username = argc > 0 ? argv[1] : "root";
    hostname = argc > 1 ? argv[2] : "localhost";
    rusername = argc > 2 ? argv[3] : "UNKNOWN";
    {
	FILE *logfile;
	if (logfile = fopen("/var/adm/sitecheck.log","a+")) {
	    fprintf(logfile,"%s <= %s@%s\n",username,rusername,hostname);
	    fclose(logfile);
	}
    }
    if (strcmp(hostname,"localhost")) {
	FILE *loginusers;

	if (loginusers = fopen("/etc/loginusers","r")) {
	    char *lusername;

	    if (lusername = malloc(256)) {
		while (fgets(lusername,255,loginusers)) {
		    lusername[strlen(lusername)-1] = 0;
		    if (!strncmp(username,lusername,255)) {
			puts("Remote login denied");
			retval = 1;
			break;
		    }
		}
		free(lusername);
	    } else retval = 2;
	    fclose(loginusers);
	}
    }
    return retval;
}