FreeBSD Manual Pages
login(1)                        User Commands                        login(1)

NAME
     login - sign on to the system

SYNOPSIS
     login [-p] [-d device] [-h hostname | [terminal] | -r hostname]
          [name [environ]...]

DESCRIPTION
     The login command is used at the beginning of each terminal session
     to identify oneself to the system. login is invoked by the system
     when a connection is first established, after the previous user has
     terminated the login shell by issuing the exit command.

     If login is invoked as a command, it must replace the initial command
     interpreter. To invoke login in this fashion, type:

          exec login

     from the initial shell. The C shell and Korn shell have their own
     builtins of login. See ksh(1) and csh(1) for descriptions of login
     builtins and usage.

     login asks for your user name, if it is not supplied as an argument,
     and your password, if appropriate. Where possible, echoing is turned
     off while you type your password, so it will not appear on the
     written record of the session.

     If you make any mistake in the login procedure, the message:

          Login incorrect

     is printed and a new login prompt will appear. If you make five
     incorrect login attempts, all five may be logged in
     /var/adm/loginlog, if it exists. The TTY line will be dropped.

     If password aging is turned on and the password has "aged" (see
     passwd(1) for more information), the user is forced to change the
     password. In this case the /etc/nsswitch.conf file is consulted to
     determine password repositories (see nsswitch.conf(4)). The password
     update configurations supported are limited to the following five
     cases.

        o  passwd: files

        o  passwd: files nis

        o  passwd: files nisplus

        o  passwd: compat (==> files nis)

        o  passwd: compat (==> files nisplus)
           passwd_compat: nisplus

     Failure to comply with the configurations will prevent the user from
     logging onto the system because passwd(1) will fail. If you do not
     complete the login successfully within a certain period of time, it
     is likely that you will be silently disconnected.

     After a successful login, accounting files are updated. Device owner,
     group, and permissions are set according to the contents of the
     /etc/logindevperm file, and the time you last logged in is printed
     (see logindevperm(4)).

     The user-ID, group-ID, supplementary group list, and working
     directory are initialized, and the command interpreter (usually ksh)
     is started.

     The basic environment is initialized to:

          HOME=your-login-directory
          LOGNAME=your-login-name
          PATH=/usr/bin:
          SHELL=last-field-of-passwd-entry
          MAIL=/var/mail/
          TZ=timezone-specification

     For Bourne shell and Korn shell logins, the shell executes
     /etc/profile and $HOME/.profile, if it exists. For C shell logins,
     the shell executes /etc/.login, $HOME/.cshrc, and $HOME/.login. The
     default /etc/profile and /etc/.login files check quotas (see
     quota(1M)), print /etc/motd, and check for mail. None of the messages
     are printed if the file $HOME/.hushlogin exists. The name of the
     command interpreter is set to - (dash), followed by the last
     component of the interpreter's path name, for example, -sh.

     If the login-shell field in the password file (see passwd(4)) is
     empty, then the default command interpreter, /usr/bin/sh, is used. If
     this field is * (asterisk), then the named directory becomes the root
     directory. At that point, login is re-executed at the new level,
     which must have its own root structure.

     The environment may be expanded or modified by supplying additional
     arguments to login, either at execution time or when login requests
     your login name. The arguments may take either the form xxx or
     xxx=yyy. Arguments without an = (equal sign) are placed in the
     environment as:

          Ln=xxx

     where n is a number starting at 0 and is incremented each time a new
     variable name is required. Variables containing an = (equal sign) are
     placed in the environment without modification. If they already
     appear in the environment, then they replace the older values.
     There are two exceptions: The variables PATH and SHELL cannot be
     changed. This prevents people logged into restricted shell
     environments from spawning secondary shells that are not restricted.
     login understands simple single-character quoting conventions. Typing
     a \ (backslash) in front of a character quotes it and allows the
     inclusion of such characters as spaces and tabs.

     Alternatively, you can pass the current environment by supplying the
     -p flag to login. This flag indicates that all currently defined
     environment variables should be passed, if possible, to the new
     environment. This option does not bypass any environment variable
     restrictions mentioned above. Environment variables specified on the
     login line take precedence, if a variable is passed by both methods.

     To enable remote logins by root, edit the /etc/default/login file by
     inserting a # (pound sign) before the CONSOLE=/dev/console entry. See
     FILES.

SECURITY
     The login command uses pam(3PAM) for authentication, account
     management, session management, and password management. The PAM
     configuration policy, listed through /etc/pam.conf, specifies the
     modules to be used for login. Here is a partial pam.conf file with
     entries for the login command using the UNIX authentication, account
     management, and session management modules:

          login  auth     required   pam_authtok_get.so.1
          login  auth     required   pam_dhkeys.so.1
          login  auth     required   pam_unix_auth.so.1
          login  auth     required   pam_dial_auth.so.1

          login  account  requisite  pam_roles.so.1
          login  account  required   pam_projects.so.1
          login  account  required   pam_unix_account.so.1

          login  session  required   pam_unix_session.so.1

     The Password Management stack looks like the following:

          other  password  required   pam_dhkeys.so.1
          other  password  requisite  pam_authtok_get.so.1
          other  password  requisite  pam_authtok_check.so.1
          other  password  required   pam_authtok_store.so.1

     If there are no entries for the service, then the entries for the
     "other" service will be used.
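
Added example (not part of the original manual page): a shell function that resolves which pam.conf entries apply to a service and module type, falling back to "other", and reports the result for login and for the rlogin and telnet service names that PAM uses when login is started by rlogind or telnetd. The function names are this example's own, and applying the fallback per module type is an assumption read off the listing above, where login has no password entries.

```shell
# Partial pam.conf from this page (fields: service type control_flag module).
PAM_CONF='login auth required pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
login account requisite pam_roles.so.1
login account required pam_projects.so.1
login account required pam_unix_account.so.1
login session required pam_unix_session.so.1
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1'

# effective_stack SERVICE TYPE, pam.conf text on stdin.
# Prints "<source> <control_flag> <module>" for each entry that applies;
# <source> is SERVICE, or "other" when SERVICE has no entries of that TYPE.
effective_stack() {
    awk -v svc="$1" -v type="$2" '
        /^[ \t]*#/ || NF < 4 { next }      # comments, blank and short lines
        $2 != type           { next }
        $1 == svc            { own[++n] = $1 " " $3 " " $4 }
        $1 == "other"        { oth[++m] = $1 " " $3 " " $4 }
        END {
            if (n) { for (i = 1; i <= n; i++) print own[i] }
            else   { for (i = 1; i <= m; i++) print oth[i] }
        }'
}

# stack_report CONF_TEXT: one summary line per service and module type.
stack_report() {
    conf=$1
    for svc in login rlogin telnet; do
        for type in auth account session password; do
            out=$(printf '%s\n' "$conf" | effective_stack "$svc" "$type")
            if [ -z "$out" ]; then
                echo "$svc $type: NO ENTRIES"
            else
                src=$(printf '%s\n' "$out" | awk 'NR == 1 { print $1 }')
                cnt=$(printf '%s\n' "$out" | grep -c .)
                echo "$svc $type: $cnt from $src"
            fi
        done
    done
}

stack_report "$PAM_CONF"
```

Because the listing is partial, rlogin and telnet resolve to no auth, account or session entries here; on a complete pam.conf the same report shows whether those remote paths have their own stacks or inherit "other".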

     If multiple authentication modules are listed, then the user may be
     prompted for multiple passwords.

     When login is invoked through rlogind or telnetd, the service name
     used by PAM is rlogin or telnet, respectively.

OPTIONS
     The following options are supported:

     -d device
           login accepts a device option, device. device is taken to be
           the path name of the TTY port login is to operate on. The use
           of the device option can be expected to improve login
           performance, since login will not need to call ttyname(3C).
           The -d option is available only to users whose UID and
           effective UID are root. Any other attempt to use -d will cause
           login to quietly exit.

     -h hostname [ terminal ]
           Used by in.telnetd(1M) to pass information about the remote
           host and terminal type.

     -p    Used to pass environment variables to the login shell.

     -r hostname
           Used by in.rlogind(1M) to pass information about the remote
           host.

EXIT STATUS
     The following exit values are returned:

     0          Successful operation.

     non-zero   Error.

FILES
     $HOME/.cshrc
           initial commands for each csh

     $HOME/.hushlogin
           suppresses login messages

     $HOME/.login
           user's login commands for csh

     $HOME/.profile
           user's login commands for sh and ksh

     $HOME/.rhosts
           private list of trusted hostname/username combinations

     /etc/.login
           system-wide csh login commands

     /etc/issue
           issue or project identification

     /etc/logindevperm
           login-based device permissions

     /etc/motd
           message-of-the-day

     /etc/nologin
           message displayed to users attempting to login during machine
           shutdown

     /etc/passwd
           password file

     /etc/profile
           system-wide sh and ksh login commands

     /etc/shadow
           list of users' encrypted passwords

     /usr/bin/sh
           user's default command interpreter

     /var/adm/lastlog
           time of last login

     /var/adm/loginlog
           record of failed login attempts

     /var/adm/utmpx
           accounting

     /var/adm/wtmpx
           accounting

     /var/mail/your-name
           mailbox for user your-name

     /etc/default/login
           Default value can be set for the following flags in
           /etc/default/login.
           For example: TIMEZONE=EST5EDT

           TIMEZONE
                 Sets the TZ environment variable of the shell (see
                 environ(5)).

           HZ    Sets the HZ environment variable of the shell.

           ULIMIT
                 Sets the file size limit for the login. Units are disk
                 blocks. Default is zero (no limit).

           CONSOLE
                 If set, root can login on that device only. This will
                 not prevent execution of remote commands with rsh(1).
                 Comment out this line to allow login by root.

           PASSREQ
                 Determines if login requires a non-null password.

           ALTSHELL
                 Determines if login should set the SHELL environment
                 variable.

           PATH  Sets the initial shell PATH variable.

           SUPATH
                 Sets the initial shell PATH variable for root.

           TIMEOUT
                 Sets the number of seconds (between 0 and 900) to wait
                 before abandoning a login session.

           UMASK Sets the initial shell file creation mode mask. See
                 umask(1).

           SYSLOG
                 Determines whether the syslog(3C) LOG_AUTH facility
                 should be used to log all root logins at level
                 LOG_NOTICE and multiple failed login attempts at
                 LOG_CRIT.

           DISABLETIME
                 If present, and greater than zero, the number of seconds
                 that login will wait after RETRIES failed attempts or
                 the PAM framework returns PAM_ABORT. Default is 20
                 seconds. Minimum is 0 seconds. No maximum is imposed.

           SLEEPTIME
                 If present, sets the number of seconds to wait before
                 the login failure message is printed to the screen. This
                 is for any login failure other than PAM_ABORT. Another
                 login attempt is allowed, providing RETRIES has not been
                 reached or the PAM framework is returned PAM_MAXTRIES.
                 Default is 4 seconds. Minimum is 0 seconds. Maximum is 5
                 seconds.

           RETRIES
                 Sets the number of retries for logging in (see
                 pam(3PAM)). The default is 5.

           SYSLOG_FAILED_LOGINS
                 Used to determine how many failed login attempts will be
                 allowed by the system before a failed login message is
                 logged, using the syslog(3C) LOG_NOTICE facility. For
                 example, if the variable is set to 0, login will log all
                 failed login attempts.
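
Added example (not part of the original manual page): a shell function that checks an /etc/default/login file against the flags described above and prints one finding per setting worth reviewing. The sample file is constructed, the function name is this example's own, and the YES value for PASSREQ and SYSLOG and the choice of which settings to report are assumptions; the TIMEOUT and SLEEPTIME limits are the ones stated above.

```shell
# Constructed sample of /etc/default/login; every value here is illustrative.
LOGIN_DEFAULTS='#CONSOLE=/dev/console
PASSREQ=NO
SYSLOG=YES
TIMEOUT=1200
SLEEPTIME=4
RETRIES=5
SYSLOG_FAILED_LOGINS=5'

# audit_login_defaults: file text on stdin, one finding per line on stdout.
# Assumed by this example: YES is the enabling value for PASSREQ and SYSLOG.
# Taken from the page: TIMEOUT is 0-900 seconds, SLEEPTIME is at most 5,
# and SYSLOG_FAILED_LOGINS=0 logs every failed attempt.
audit_login_defaults() {
    awk '
        /^[ \t]*#/ || !/=/ { next }          # a commented-out flag is not set
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key); sub(/[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            if (!("CONSOLE" in cfg))
                print "CONSOLE: not set, root login is not limited to one device"
            if (cfg["PASSREQ"] != "YES")
                print "PASSREQ: is not YES"
            if (cfg["SYSLOG"] != "YES")
                print "SYSLOG: is not YES"
            if (("TIMEOUT" in cfg) && (cfg["TIMEOUT"] !~ /^[0-9]+$/ || cfg["TIMEOUT"] + 0 > 900))
                print "TIMEOUT: " cfg["TIMEOUT"] " is outside 0-900 seconds"
            if (("SLEEPTIME" in cfg) && cfg["SLEEPTIME"] + 0 > 5)
                print "SLEEPTIME: " cfg["SLEEPTIME"] " exceeds the 5 second maximum"
            if (cfg["SYSLOG_FAILED_LOGINS"] != "0")
                print "SYSLOG_FAILED_LOGINS: is not 0, the value that logs every failed attempt"
        }'
}

printf '%s\n' "$LOGIN_DEFAULTS" | audit_login_defaults
```

A CONSOLE finding should be read together with the WARNINGS section: setting CONSOLE does not stop remote command execution by root through rsh(1).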

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     +-----------------------------+-----------------------------+
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     +-----------------------------+-----------------------------+
     |Availability                 |SUNWcsu                      |
     +-----------------------------+-----------------------------+

SEE ALSO
     csh(1), exit(1), ksh(1), mail(1), mailx(1), newgrp(1), passwd(1),
     rlogin(1), rsh(1), sh(1), shell_builtins(1), telnet(1), umask(1),
     in.rlogind(1M), in.telnetd(1M), logins(1M), quota(1M), su(1M),
     syslogd(1M), useradd(1M), userdel(1M), pam(3PAM), rcmd(3SOCKET),
     syslog(3C), ttyname(3C), auth_attr(4), exec_attr(4), hosts.equiv(4),
     issue(4), logindevperm(4), loginlog(4), nologin(4),
     nsswitch.conf(4), pam.conf(4), passwd(4), profile(4), shadow(4),
     user_attr(4), utmpx(4), wtmpx(4), attributes(5), environ(5),
     pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5),
     pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5),
     pam_dhkeys(5), pam_passwd_auth(5), termio(7I)

DIAGNOSTICS
     Login incorrect
           The user name or the password cannot be matched.

     Not on system console
           Root login denied. Check the CONSOLE setting in
           /etc/default/login.

     No directory! Logging in with home=/
           The user's home directory named in the passwd(4) database
           cannot be found or has the wrong permissions. Contact your
           system administrator.

     No shell
           Cannot execute the shell named in the passwd(4) database.
           Contact your system administrator.

     NO LOGINS: System going down in N minutes
           The machine is in the process of being shut down and logins
           have been disabled.

WARNINGS
     Users with a UID greater than 76695844 are not subject to password
     aging, and the system does not record their last login time.

     If you use the CONSOLE setting to disable root logins, you should
     arrange that remote command execution by root is also disabled. See
     rsh(1), rcmd(3SOCKET), and hosts.equiv(4) for further details.

NOTES
     The pam_unix(5) module might not be supported in a future release.
     Similar functionality is provided by pam_unix_account(5),
     pam_unix_auth(5), pam_unix_session(5), pam_authtok_check(5),
     pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), and
     pam_passwd_auth(5).

SunOS 5.9                         23 Jan 2002                        login(1)