If you set this setting to NO, then users will be denied login unless they are explicitly listed in the file specified by userlist_file.
When login is denied, the denial is issued before the user is asked for a password.
default=YES