login(1)			 User Commands			      login(1)

       login - sign on to the system

       login [-p] [-d device] [-h hostname | [terminal] | -r hostname]
             [name [environ]...]

       The login command is used at the	beginning of each terminal session  to
       identify	 oneself  to the system. login is invoked by the system	when a
       connection is first established,	after the previous user	has terminated
       the login shell by issuing the exit command.

       If  login  is invoked as	a command, it must replace the initial command
       interpreter. To invoke login in this fashion, type:

       exec login

       from the	initial	shell. The C shell  and	 Korn  shell  have  their  own
       builtins	 of  login.  See  ksh(1)  and csh(1) for descriptions of login
       builtins	and usage.

       login asks for your user	name, if it is not supplied  as	 an  argument,
       and  your  password,  if	appropriate. Where possible, echoing is	turned
       off while you type your password, so it will not	appear on the  written
       record of the session.

       If you make any mistake in the login procedure, the message:

       Login incorrect

       is  printed and a new login prompt will appear. If you make five	incor-
       rect login attempts, all	five may be logged in /var/adm/loginlog, if it
       exists. The TTY line will be dropped.

       If password aging is turned on and the password has "aged" (see
       passwd(1) for more information), the user is forced to change the
       password. In this case the /etc/nsswitch.conf file is consulted to
       determine password repositories (see nsswitch.conf(4)). The password
       update configurations supported are limited to the following five cases.

	  o  passwd: files

	  o  passwd: files nis

	  o  passwd: files nisplus

	  o  passwd: compat (==> files nis)

	  o  passwd: compat (==> files nisplus)
	     passwd_compat: nisplus

       Failure	to  comply  with the configurations will prevent the user from
       logging onto the	system because passwd(1) will fail. If you do not com-
       plete  the  login  successfully	within a certain period	of time, it is
       likely that you will be silently	disconnected.

       After a successful login, accounting files are updated.	Device	owner,
       group,  and  permissions	 are  set  according  to  the  contents	of the
       /etc/logindevperm file, and the time you	last logged in is printed (see

       The  user-ID, group-ID, supplementary group list, and working directory
       are initialized,	and the	command	interpreter (usually ksh) is started.

       The basic environment is	initialized to:


       For Bourne shell	and Korn shell logins, the shell executes /etc/profile
       and  $HOME/.profile,  if	 it exists. For	C shell	logins,	the shell exe-
       cutes  /etc/.login,  $HOME/.cshrc,  and	 $HOME/.login.	 The   default
       /etc/profile  and /etc/.login files check quotas	(see quota(1M)), print
       /etc/motd, and check for	mail. None of the messages are printed if  the
       file  $HOME/.hushlogin	exists.	The name of the	command	interpreter is
       set to -	(dash),	followed by the	last component	of  the	 interpreter's
       path name, for example, -sh.

       If the login-shell field	in the password	file (see passwd(4)) is	empty,
       then the	default	command	interpreter, /usr/bin/sh,  is  used.  If  this
       field is	* (asterisk), then the named directory becomes the root	direc-
       tory. At	that point, login is re-executed at the	new level, which  must
       have its	own root structure.

       The environment may be expanded or modified by supplying	additional ar-
       guments to login, either	at execution time or when login	requests  your
       login name. The arguments may take either the form xxx or xxx=yyy.  Ar-
       guments without an = (equal sign) are placed in the environment as:


       where n is a number starting at 0 and is	incremented each  time	a  new
       variable	 name  is required. Variables containing an = (equal sign) are
       placed in the environment without modification. If they already	appear
       in the environment, then	they replace the older values.

       There  are  two	exceptions:  The  variables  PATH  and SHELL cannot be
       changed.	This prevents people logged into restricted shell environments
       from  spawning  secondary  shells that are not restricted. login	under-
       stands simple single-character quoting conventions.  Typing a \	(back-
       slash)  in  front  of a character quotes	it and allows the inclusion of
       such characters as spaces and tabs.

       Alternatively, you can pass the current environment by supplying	the -p
       flag  to	login. This flag indicates that	all currently defined environ-
       ment variables should be	passed,	if possible, to	the  new  environment.
       This  option does not bypass any	environment variable restrictions men-
       tioned above. Environment variables specified on	the  login  line  take
       precedence, if a	variable is passed by both methods.

       To  enable  remote  logins by root, edit	the /etc/default/login file by
       inserting a # (pound sign) before the CONSOLE=/dev/console  entry.  See

       The  login  command  uses pam(3PAM) for authentication, account manage-
       ment, session management, and password management. The  PAM  configura-
       tion  policy, listed through /etc/pam.conf, specifies the modules to be
       used for	login. Here is a partial pam.conf file with  entries  for  the
       login  command  using  the UNIX authentication, account management, and
       session management modules:

       login  auth	 required
       login  auth	 required
       login  auth	 required
       login  auth	 required

       login  account	 requisite
       login  account	 required
       login  account	 required

       login  session	 required

       The Password Management stack looks like	the following:

       other  password	 required
       other  password	 requisite
       other  password	 requisite
       other  password	 required

       If there	are no entries for the	service,  then	the  entries  for  the
       "other"	service	 will  be used.	If multiple authentication modules are
       listed, then the	user may be prompted for multiple passwords.

       When login is invoked through rlogind or	telnetd, the service name used
       by PAM is rlogin	or telnet, respectively.

       The following options are supported:

       -d device
	     login  accepts a device option, device. device is taken to	be the
	     path name of the TTY port login is	to operate on. The use of  the
	     device option can be expected to improve login performance, since
	     login will	not need to call ttyname(3C). The -d option is	avail-
	     able  only	 to  users  whose  UID and effective UID are root. Any
	     other attempt to use -d will cause	login to quietly exit.

       -h hostname [ terminal ]
	     Used by in.telnetd(1M) to pass information	about the remote  host
	     and terminal type.

       -p    Used to pass environment variables	to the login shell.

       -r hostname
	     Used by in.rlogind(1M) to pass information	about the remote host.

       The following exit values are returned:

       0     Successful	operation.


	     initial commands for each csh

	     suppresses	login messages

	     user's login commands for csh

	     user's login commands for sh and ksh

	     private list of trusted hostname/username combinations

	     system-wide csh login commands

	     issue or project identification

	     login-based device	permissions


	     message  displayed	 to  users  attempting to login	during machine

	     password file

	     system-wide sh and	ksh login commands

	     list of users' encrypted passwords

	     user's default command interpreter

	     time of last login

	     record of failed login attempts



	     mailbox for user your-name

	     Default value can be set for  the	following  flags  in  /etc/de-
	     fault/login. For example: TIMEZONE=EST5EDT

		   Sets	 the  TZ  environment variable of the shell (see envi-

	     HZ	   Sets	the HZ environment variable of the shell.

		   Sets	the file size limit for	 the  login.  Units  are  disk
		   blocks.  Default is zero (no	limit).

		   If  set,  root can login on that device only. This will not
		   prevent execution of	remote commands	with  rsh(1).  Comment
		   out this line to allow login	by root.

		   Determines if login requires	a non-null password.

		   Determines  if login	should set the SHELL environment vari-

	     PATH  Sets	the initial shell PATH variable.

		   Sets	the initial shell PATH variable	for root.

		   Sets	the number of seconds (between 0 and 900) to wait  be-
		   fore	abandoning a login session.

	     UMASK Sets	 the  initial  shell  file  creation  mode  mask.  See

		   Determines whether the syslog(3C) LOG_AUTH facility should
		   be used to log all root logins at level LOG_NOTICE and
		   multiple failed login attempts at LOG_CRIT.

		   If present, and greater than	zero, the  number  of  seconds
		   that	 login	will wait after	RETRIES	failed attempts	or the
		   PAM framework returns PAM_ABORT.  Default  is  20  seconds.
		   Minimum is 0	seconds. No maximum is imposed.

		   If  present,	 sets the number of seconds to wait before the
		   login failure message is printed to the screen. This	is for
		   any	login  failure other than PAM_ABORT. Another login at-
		   tempt is allowed, providing RETRIES has not been reached or
		   the	PAM  framework	is returned PAM_MAXTRIES. Default is 4
		   seconds. Minimum is 0 seconds. Maximum is 5 seconds.

		   Sets	the number of retries for logging in (see  pam(3PAM)).
		   The default is 5.

		   Used	 to  determine	how many failed	login attempts will be
		   allowed by the system before	 a  failed  login  message  is
		   logged, using the syslog(3C)	LOG_NOTICE facility. For exam-
		   ple,	if the variable	is set to 0, login will	log all	failed
		   login attempts.
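
An audit of the settings described above, as an added example that is not part of the original manual page: it reads a defaults file in NAME=value form and reports root-login and logging settings that are absent or out of range. CONSOLE comes from this page; PASSREQ, SYSLOG and TIMEOUT are the Solaris /etc/default/login names for entries whose names did not survive here, and treating YES as the expected value for the first two is this example's assumption.

```sh
#!/bin/sh
# Added example: audit a login defaults file (NAME=value lines, # comments).

# Print the value of the last uncommented NAME= line in FILE (empty if none).
get_flag() {
    sed -n "/^[[:space:]]*$2=/{s///;s/[[:space:]]*\$//;p;}" "$1" | tail -n 1
}

# Print one finding per line; print nothing when every check passes.
audit_login_defaults() {
    file=$1
    [ -n "$(get_flag "$file" CONSOLE)" ] ||
        printf '%s\n' "CONSOLE is not set: root login is not limited to one device"
    [ "$(get_flag "$file" PASSREQ)" = "YES" ] ||
        printf '%s\n' "PASSREQ is not set to YES (non-null password requirement)"
    [ "$(get_flag "$file" SYSLOG)" = "YES" ] ||
        printf '%s\n' "SYSLOG is not set to YES (LOG_AUTH logging of root and failed logins)"

    timeout=$(get_flag "$file" TIMEOUT)
    case $timeout in
        "") ;;                              # unset: login's own default applies
        *[!0-9]*) printf '%s\n' "TIMEOUT is not a number: $timeout" ;;
        *) [ "$timeout" -le 900 ] || printf '%s\n' "TIMEOUT outside 0-900: $timeout" ;;
    esac
    return 0
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONSOLE is commented out, which permits remote root login
#CONSOLE=/dev/console
PASSREQ=YES
TIMEOUT=1200
EOF
audit_login_defaults "$sample"
rm -f "$sample"
```

On a live system, call audit_login_defaults /etc/default/login; a CONSOLE finding should be read together with the rsh(1) and hosts.equiv(4) settings, since CONSOLE does not stop remote command execution by root.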

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |

       csh(1),	exit(1),  ksh(1),  mail(1),  mailx(1),	newgrp(1),  passwd(1),
       rlogin(1),  rsh(1),  sh(1),  shell_builtins(1),	telnet(1),   umask(1),
       in.rlogind(1M),	in.telnetd(1M),	 logins(1M),  quota(1M),  su(1M), sys-
       logd(1M),  useradd(1M),	userdel(1M),  pam(3PAM),  rcmd(3SOCKET),  sys-
       log(3C),	 ttyname(3C),  auth_attr(4), exec_attr(4), hosts.equiv(4), is-
       sue(4),	logindevperm(4),  loginlog(4),	nologin(4),  nsswitch.conf(4),
       pam.conf(4),  passwd(4),	profile(4), shadow(4), user_attr(4), utmpx(4),
       wtmpx(4),     attributes(5),	 environ(5),	  pam_unix_account(5),
       pam_unix_auth(5),  pam_unix_session(5), pam_authtok_check(5), pam_auth-
       tok_get(5),  pam_authtok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5),

       Login incorrect
	     The user name or the password cannot be matched.

       Not on system console
	     Root  login denied. Check the CONSOLE setting in /etc/default/lo-

       No directory! Logging in	with home=/
	     The user's	home directory named in	the passwd(4) database	cannot
	     be	 found	or has the wrong permissions.  Contact your system ad-

       No shell
	     Cannot execute the	shell named in the passwd(4) database. Contact
	     your system administrator.

       NO LOGINS: System going down in N minutes
	     The  machine is in	the process of being shut down and logins have
	     been disabled.

       Users with a UID	greater	than 76695844 are not subject to password  ag-
       ing, and	the system does	not record their last login time.

       If  you	use the	CONSOLE	setting	to disable root	logins,	you should ar-
       range that remote command execution  by	root  is  also	disabled.  See
       rsh(1), rcmd(3SOCKET), and hosts.equiv(4) for further details.

       The pam_unix(5) module might not	be supported in	a future release. Sim-
       ilar    functionality	is    provided	   by	  pam_unix_account(5),
       pam_unix_auth(5),  pam_unix_session(5), pam_authtok_check(5), pam_auth-
       tok_get(5),	 pam_authtok_store(5),	     pam_dhkeys(5),	   and

SunOS 5.9			  23 Jan 2002			      login(1)

