I was messing around and trying to set it up so that a specific user couldn't log in locally, but only ssh in.
I added the following to /et/security/access.conf
- : frank : 127.0.0.0/24
After saving the file I tried to log in locally as frank and successful. Am I not doing this correctly?