login(1)			 User Commands			      login(1)

NAME
       login - sign on to the system

SYNOPSIS
       login  [-p]  [-d	device]	 [-h hostname  |  [terminal] | -r hostname]  [
       name [environ]...]

DESCRIPTION
       The login command is used at the	beginning of each terminal session  to
       identify	 oneself  to the system. login is invoked by the system	when a
       connection is first established,	after the previous user	has terminated
       the login shell by issuing the exit command.

       If  login  is invoked as	a command, it must replace the initial command
       interpreter. To invoke login in this fashion, type:

       exec login

       from the	initial	shell. The C shell  and	 Korn  shell  have  their  own
       builtins	 of  login.  See  ksh(1)  and csh(1) for descriptions of login
       builtins	and usage.

       login asks for your user	name, if it is not supplied  as	 an  argument,
       and  your  password,  if	appropriate. Where possible, echoing is	turned
       off while you type your password, so it will not	appear on the  written
       record of the session.

       If you make any mistake in the login procedure, the message:

       Login incorrect

       is  printed and a new login prompt will appear. If you make five	incor-
       rect login attempts, all	five may be logged in /var/adm/loginlog, if it
       exists. The TTY line will be dropped.

       If password aging is turned on and the password has "aged" (see
       passwd(1) for more information), the user is forced to change the
       password. In this case the /etc/nsswitch.conf file is consulted to
       determine password repositories (see nsswitch.conf(4)). The password
       update configurations supported are limited to the following five
       cases.

	  o  passwd: files

	  o  passwd: files nis

	  o  passwd: files nisplus

	  o  passwd: compat (==> files nis)

	  o  passwd: compat (==> files nisplus)
	     passwd_compat: nisplus

       Failure	to  comply  with the configurations will prevent the user from
       logging onto the	system because passwd(1) will fail. If you do not com-
       plete  the  login  successfully	within a certain period	of time, it is
       likely that you will be silently	disconnected.

       After a successful login, accounting files are updated.	Device	owner,
       group,  and  permissions	 are  set  according  to  the  contents	of the
       /etc/logindevperm file, and the time you	last logged in is printed (see
       logindevperm(4)).

       The  user-ID, group-ID, supplementary group list, and working directory
       are initialized,	and the	command	interpreter (usually ksh) is started.

       The basic environment is	initialized to:

	      HOME=your-login-directory
	      LOGNAME=your-login-name
	      PATH=/usr/bin:
	      SHELL=last-field-of-passwd-entry
	      MAIL=/var/mail/
	      TZ=timezone-specification

       For Bourne shell	and Korn shell logins, the shell executes /etc/profile
       and  $HOME/.profile,  if	 it exists. For	C shell	logins,	the shell exe-
       cutes  /etc/.login,  $HOME/.cshrc,  and	 $HOME/.login.	 The   default
       /etc/profile  and /etc/.login files check quotas	(see quota(1M)), print
       /etc/motd, and check for	mail. None of the messages are printed if  the
       file  $HOME/.hushlogin	exists.	The name of the	command	interpreter is
       set to -	(dash),	followed by the	last component	of  the	 interpreter's
       path name, for example, -sh.

       If the login-shell field	in the password	file (see passwd(4)) is	empty,
       then the	default	command	interpreter, /usr/bin/sh,  is  used.  If  this
       field is	* (asterisk), then the named directory becomes the root	direc-
       tory. At	that point, login is re-executed at the	new level, which  must
       have its	own root structure.

       The environment may be expanded or modified by supplying	additional ar-
       guments to login, either	at execution time or when login	requests  your
       login name. The arguments may take either the form xxx or xxx=yyy.  Ar-
       guments without an = (equal sign) are placed in the environment as:

       Ln=xxx

       where n is a number starting at 0 and is	incremented each  time	a  new
       variable	 name  is required. Variables containing an = (equal sign) are
       placed in the environment without modification. If they already	appear
       in the environment, then	they replace the older values.

       There  are  two	exceptions:  The  variables  PATH  and SHELL cannot be
       changed.	This prevents people logged into restricted shell environments
       from  spawning  secondary  shells that are not restricted. login	under-
       stands simple single-character quoting conventions.  Typing a \	(back-
       slash)  in  front  of a character quotes	it and allows the inclusion of
       such characters as spaces and tabs.

       Alternatively, you can pass the current environment by supplying	the -p
       flag  to	login. This flag indicates that	all currently defined environ-
       ment variables should be	passed,	if possible, to	the  new  environment.
       This  option does not bypass any	environment variable restrictions men-
       tioned above. Environment variables specified on	the  login  line  take
       precedence, if a	variable is passed by both methods.

       To  enable  remote  logins by root, edit	the /etc/default/login file by
       inserting a # (pound sign) before the CONSOLE=/dev/console  entry.  See
       FILES.

SECURITY
       The  login  command  uses pam(3PAM) for authentication, account manage-
       ment, session management, and password management. The  PAM  configura-
       tion  policy, listed through /etc/pam.conf, specifies the modules to be
       used for	login. Here is a partial pam.conf file with  entries  for  the
       login  command  using  the UNIX authentication, account management, and
       session management modules:

       login  auth	 required  pam_authtok_get.so.1
       login  auth	 required  pam_dhkeys.so.1
       login  auth	 required  pam_unix_auth.so.1
       login  auth	 required  pam_dial_auth.so.1

       login  account	 requisite pam_roles.so.1
       login  account	 required  pam_projects.so.1
       login  account	 required  pam_unix_account.so.1

       login  session	 required  pam_unix_session.so.1

       The Password Management stack looks like	the following:

       other  password	 required  pam_dhkeys.so.1
       other  password	 requisite  pam_authtok_get.so.1
       other  password	 requisite  pam_authtok_check.so.1
       other  password	 required  pam_authtok_store.so.1

       If there	are no entries for the	service,  then	the  entries  for  the
       "other"	service	 will  be used.	If multiple authentication modules are
       listed, then the	user may be prompted for multiple passwords.

       When login is invoked through rlogind or	telnetd, the service name used
       by PAM is rlogin	or telnet, respectively.
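
       The service lookup described above, as an added example that is not
       part of the original manual page: it resolves which entries of the
       partial pam.conf shown here apply to a given service and module type.
       The function names are constructed, and applying the "other" fallback
       per module type is an assumption drawn from the password stack above.

```shell
# Added example: resolve which pam.conf entries apply to a service.
# Assumption: the fallback to "other" is decided per module type, as the
# page's own password stack (only "other" entries) suggests.

# effective_stack SERVICE TYPE: read pam.conf on stdin and print the entries
# for SERVICE/TYPE, or the "other" entries of that TYPE when there are none.
effective_stack() {
    awk -v svc="$1" -v type="$2" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        $2 != type     { next }
        $1 == svc      { own[++n] = $0 }
        $1 == "other"  { oth[++m] = $0 }
        END {
            if (n) { for (i = 1; i <= n; i++) print own[i] }
            else   { for (i = 1; i <= m; i++) print oth[i] }
        }'
}

# stack_source SERVICE TYPE: name the service whose entries are used.
stack_source() {
    effective_stack "$1" "$2" | awk 'NR == 1 { print $1 } END { if (!NR) print "none" }'
}

# page_pam_conf: the partial pam.conf shown on this page.
page_pam_conf() {
    cat <<'EOF'
login  auth      required  pam_authtok_get.so.1
login  auth      required  pam_dhkeys.so.1
login  auth      required  pam_unix_auth.so.1
login  auth      required  pam_dial_auth.so.1
login  account   requisite pam_roles.so.1
login  account   required  pam_projects.so.1
login  account   required  pam_unix_account.so.1
login  session   required  pam_unix_session.so.1
other  password  required  pam_dhkeys.so.1
other  password  requisite pam_authtok_get.so.1
other  password  requisite pam_authtok_check.so.1
other  password  required  pam_authtok_store.so.1
EOF
}

for svc in login telnet rlogin; do
    for type in auth account session password; do
        printf '%-7s %-9s -> %s\n' "$svc" "$type" \
            "$(page_pam_conf | stack_source "$svc" "$type")"
    done
done
```

       A result of "none" for telnet or rlogin means the excerpt holds no
       entry that would cover a login arriving through that daemon.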

OPTIONS
       The following options are supported:

       -d device
	     login  accepts a device option, device. device is taken to	be the
	     path name of the TTY port login is	to operate on. The use of  the
	     device option can be expected to improve login performance, since
	     login will	not need to call ttyname(3C). The -d option is	avail-
	     able  only	 to  users  whose  UID and effective UID are root. Any
	     other attempt to use -d will cause	login to quietly exit.

       -h hostname [ terminal ]
	     Used by in.telnetd(1M) to pass information	about the remote  host
	     and terminal type.

       -p    Used to pass environment variables	to the login shell.

       -r hostname
	     Used by in.rlogind(1M) to pass information	about the remote host.

EXIT STATUS
       The following exit values are returned:

       0     Successful	operation.

       non-zero
	     Error.

FILES
       $HOME/.cshrc
	     initial commands for each csh

       $HOME/.hushlogin
	     suppresses	login messages

       $HOME/.login
	     user's login commands for csh

       $HOME/.profile
	     user's login commands for sh and ksh

       $HOME/.rhosts
	     private list of trusted hostname/username combinations

       /etc/.login
	     system-wide csh login commands

       /etc/issue
	     issue or project identification

       /etc/logindevperm
	     login-based device	permissions

       /etc/motd
	     message-of-the-day

       /etc/nologin
	     message  displayed	 to  users  attempting to login	during machine
	     shutdown

       /etc/passwd
	     password file

       /etc/profile
	     system-wide sh and	ksh login commands

       /etc/shadow
	     list of users' encrypted passwords

       /usr/bin/sh
	     user's default command interpreter

       /var/adm/lastlog
	     time of last login

       /var/adm/loginlog
	     record of failed login attempts

       /var/adm/utmpx
	     accounting

       /var/adm/wtmpx
	     accounting

       /var/mail/your-name
	     mailbox for user your-name

       /etc/default/login
	     Default value can be set for the following flags in
	     /etc/default/login. For example: TIMEZONE=EST5EDT

	     TIMEZONE
		   Sets	 the  TZ  environment variable of the shell (see envi-
		   ron(5)).

	     HZ	   Sets	the HZ environment variable of the shell.

	     ULIMIT
		   Sets	the file size limit for	 the  login.  Units  are  disk
		   blocks.  Default is zero (no	limit).

	     CONSOLE
		   If  set,  root can login on that device only. This will not
		   prevent execution of	remote commands	with  rsh(1).  Comment
		   out this line to allow login	by root.

	     PASSREQ
		   Determines if login requires	a non-null password.

	     ALTSHELL
		   Determines  if login	should set the SHELL environment vari-
		   able.

	     PATH  Sets	the initial shell PATH variable.

	     SUPATH
		   Sets	the initial shell PATH variable	for root.

	     TIMEOUT
		   Sets	the number of seconds (between 0 and 900) to wait  be-
		   fore	abandoning a login session.

	     UMASK Sets	 the  initial  shell  file  creation  mode  mask.  See
		   umask(1).

	     SYSLOG
		   Determines whether the syslog(3C) LOG_AUTH facility should
		   be used to log all root logins at level LOG_NOTICE and
		   multiple failed login attempts at LOG_CRIT.

	     DISABLETIME
		   If present, and greater than	zero, the  number  of  seconds
		   that	 login	will wait after	RETRIES	failed attempts	or the
		   PAM framework returns PAM_ABORT.  Default  is  20  seconds.
		   Minimum is 0	seconds. No maximum is imposed.

	     SLEEPTIME
		   If  present,	 sets the number of seconds to wait before the
		   login failure message is printed to the screen. This	is for
		   any	login  failure other than PAM_ABORT. Another login at-
		   tempt is allowed, providing RETRIES has not been reached or
		   the	PAM  framework	is returned PAM_MAXTRIES. Default is 4
		   seconds. Minimum is 0 seconds. Maximum is 5 seconds.

	     RETRIES
		   Sets	the number of retries for logging in (see  pam(3PAM)).
		   The default is 5.

	     SYSLOG_FAILED_LOGINS
		   Used	 to  determine	how many failed	login attempts will be
		   allowed by the system before	 a  failed  login  message  is
		   logged, using the syslog(3C)	LOG_NOTICE facility. For exam-
		   ple,	if the variable	is set to 0, login will	log all	failed
		   login attempts.
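
       One way to check these flags on a host, as an added example that is
       not part of the original manual page: the script reads a copy of
       /etc/default/login on standard input and reports settings that weaken
       the behaviour described above. The function names and the sample file
       are constructed, and YES/NO as the values of PASSREQ and SYSLOG is an
       assumption.

```shell
# Added example: audit the login(1) flags in /etc/default/login.
# Assumption: PASSREQ and SYSLOG take YES/NO; the page lists no values.

# flag NAME: value of the last uncommented NAME= line in $cfg, else empty.
flag() {
    printf '%s\n' "$cfg" | sed -n "s/^[[:space:]]*$1=//p" | tail -1
}

# is_num VALUE: succeeds only for a non-empty string of digits.
is_num() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# audit_login_defaults: read the file on stdin, print one finding per line.
audit_login_defaults() {
    cfg=$(cat)
    [ -n "$(flag CONSOLE)" ] ||
        echo "CONSOLE: not set, root login is not limited to one device"
    [ "$(flag PASSREQ)" = YES ] ||
        echo "PASSREQ: not YES, a non-null password may not be required"
    [ "$(flag SYSLOG)" = YES ] ||
        echo "SYSLOG: not YES, root logins may not be sent to LOG_AUTH"
    v=$(flag TIMEOUT)
    if [ -n "$v" ] && { ! is_num "$v" || [ "$v" -gt 900 ]; }; then
        echo "TIMEOUT: '$v' is outside the documented 0-900 seconds"
    fi
    v=$(flag SLEEPTIME)
    if [ -n "$v" ] && { ! is_num "$v" || [ "$v" -gt 5 ]; }; then
        echo "SLEEPTIME: '$v' is above the documented maximum of 5"
    fi
    v=$(flag SYSLOG_FAILED_LOGINS)
    if [ -n "$v" ] && [ "$v" != 0 ]; then
        echo "SYSLOG_FAILED_LOGINS: $v failures allowed before one is logged"
    fi
    return 0
}

# sample_config: constructed file contents, not taken from a real host.
sample_config() {
    cat <<'EOF'
#CONSOLE=/dev/console
PASSREQ=NO
SYSLOG=YES
TIMEOUT=1200
SLEEPTIME=4
SYSLOG_FAILED_LOGINS=3
EOF
}
sample_config | audit_login_defaults
```

       On a real host, feed it the file itself:
       audit_login_defaults < /etc/default/login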

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       csh(1), exit(1), ksh(1), mail(1), mailx(1), newgrp(1), passwd(1),
       rlogin(1), rsh(1), sh(1), shell_builtins(1), telnet(1), umask(1),
       in.rlogind(1M), in.telnetd(1M), logins(1M), quota(1M), su(1M),
       syslogd(1M), useradd(1M), userdel(1M), pam(3PAM), rcmd(3SOCKET),
       syslog(3C), ttyname(3C), auth_attr(4), exec_attr(4), hosts.equiv(4),
       issue(4), logindevperm(4), loginlog(4), nologin(4), nsswitch.conf(4),
       pam.conf(4), passwd(4), profile(4), shadow(4), user_attr(4), utmpx(4),
       wtmpx(4), attributes(5), environ(5), pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5), pam_authtok_check(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
       pam_passwd_auth(5), termio(7I)

DIAGNOSTICS
       Login incorrect
	     The user name or the password cannot be matched.

       Not on system console
	     Root login denied. Check the CONSOLE setting in
	     /etc/default/login.

       No directory! Logging in	with home=/
	     The user's	home directory named in	the passwd(4) database	cannot
	     be	 found	or has the wrong permissions.  Contact your system ad-
	     ministrator.

       No shell
	     Cannot execute the	shell named in the passwd(4) database. Contact
	     your system administrator.

       NO LOGINS: System going down in N minutes
	     The  machine is in	the process of being shut down and logins have
	     been disabled.

WARNINGS
       Users with a UID	greater	than 76695844 are not subject to password  ag-
       ing, and	the system does	not record their last login time.

       If  you	use the	CONSOLE	setting	to disable root	logins,	you should ar-
       range that remote command execution  by	root  is  also	disabled.  See
       rsh(1), rcmd(3SOCKET), and hosts.equiv(4) for further details.

NOTES
       The pam_unix(5) module might not be supported in a future release.
       Similar functionality is provided by pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5), pam_authtok_check(5),
       pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), and
       pam_passwd_auth(5).

SunOS 5.9			  23 Jan 2002			      login(1)
