--- src/etc/login.access Sun Jun 6 04:46:27 2004
+++ src/etc/login.access Wed Oct 18 14:46:19 2006
@@ -24,9 +24,10 @@
 #
 # The EXCEPT operator makes it possible to write very compact rules.
 #
-# The group file is searched only when a name does not match that of the
-# logged-in user. Only groups are matched in which users are explicitly
-# listed: the program does not look at a user's primary group id value.
+# The user's groups are checked against the name(s) in the second field
+# only when it/they do not match the user's login name. Each group the
+# user is in, including his or her login group, will be checked until the
+# first match is found.
 #
 ##############################################################################
 #
--- src/lib/libpam/modules/pam_login_access/login.access.5 Mon Sep 25 18:26:25 2006
+++ src/lib/libpam/modules/pam_login_access/login.access.5 Wed Oct 18 14:27:12 2006
@@ -41,10 +41,10 @@
 .Pp
 The EXCEPT operator makes it possible to write very compact rules.
 .Pp
-The group file is searched only when a name does not match that of the
-logged-in user.
-Only groups are matched in which users are explicitly
-listed: the program does not look at a user's primary group id value.
+The user's groups are checked against the name(s) in the second field
+only when it/they do not match the user's login name.
+Each group the user is in, including his or her login group, will be
+checked until the first match is found.
 .Sh FILES
 .Bl -tag -width /etc/login.access -compact
 .It Pa /etc/login.access
--- src/lib/libpam/modules/pam_login_access/login_access.c Wed Oct 18 12:19:37 2006
+++ src/lib/libpam/modules/pam_login_access/login_access.c Wed Oct 18 14:02:24 2006
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -156,6 +157,7 @@
 user_match(const char *tok, const char *string)
 {
 struct group *group;
+ struct passwd *pw;
 int i;
 /* 
@@ -172,6 +174,13 @@
 for (i = 0; group->gr_mem[i]; i++)
 if (strcasecmp(string, group->gr_mem[i]) == 0)
 return (YES);
+ }
+ /* Check if the user's login group matches token. */
+ if ((pw = getpwnam(string)) != NULL) {
+ group = getgrgid(pw->pw_gid);
+ if (strcasecmp(tok, group->gr_name) == 0) {
+ return(YES);
+ }
 }
 return (NO);
 }
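Review bot: The result of `getgrgid(pw->pw_gid)` in the added login-group check is dereferenced without a NULL test, so a user whose primary gid has no group entry (or a failed group lookup) makes `group->gr_name` a NULL dereference inside the PAM module, taking down the authenticating process rather than just failing the match; the guard should be `if (group != NULL && strcasecmp(tok, group->gr_name) == 0) {`. The added `return(YES);` also departs from the `return (YES);` spacing used by the surrounding lines of the same function. user_match begins outside this hunk, so the earlier `getgrnam` path that populates `group` could not be checked for the same pattern here.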