login - Signs the user on to the system
login [-p] [-h host] [[-f] user]
The login command is used when a user initially signs on
to the system and also by daemons, such as ftp, to create
a user's environment.
This security-sensitive command uses the Security Integration
Architecture (SIA) routine as an interface to the
security mechanism(s) that perform the actual user validation.
See the matrix.conf(4) reference page for more
information.
With the exception of -p, these options are available only
to the superuser.
-h host
    Used by telnetd and other servers to list the host from
    which the connection was received.
-f
    Used with a user name user on the command line to indicate
    that proper authentication was already done, and that no
    password needs to be requested.
-p
    Causes the remainder of the environment to be preserved;
    otherwise, any previous environment is discarded.
The invocation of login for initial signon is made by a
system program or server using the privileged -h and -f
forms of the login command.
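Because -f tells login that no password needs to be requested, a server that passes a remotely supplied name to login has to make sure the name cannot be read as an option. The following is an added example, not code from this reference page or from any server named on it; safe_token, build_login_argv, the length limits and the allowed character set are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER 32    /* assumed limits, not taken from the man page */
#define MAX_HOST 255

/* Accept only tokens that login cannot read as an option or split in two. */
int safe_token(const char *s, size_t max)
{
    size_t n = s ? strlen(s) : 0;
    if (n == 0 || n > max || s[0] == '-')       /* a leading '-' would parse as an option */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return 0;                           /* no spaces, control or shell characters */
    }
    return 1;
}

/* Fill argv for: login [-h host] [-f] user.  Returns argc, or -1 if rejected.
 * preauth may be non-zero only after the server itself authenticated the user. */
int build_login_argv(const char *host, const char *user, int preauth,
                     const char *argv[7])
{
    int n = 0;
    if (!safe_token(user, MAX_USER) || (host && !safe_token(host, MAX_HOST)))
        return -1;
    argv[n++] = "login";
    if (host) { argv[n++] = "-h"; argv[n++] = host; }
    if (preauth) argv[n++] = "-f";
    argv[n++] = user;
    argv[n] = NULL;        /* vector is passed to exec directly, never through a shell */
    return n;
}

int main(void)
{
    const char *argv[7];   /* constructed sample values */
    int argc = build_login_argv("client.example.com", "alice", 0, argv);
    for (int i = 0; i < argc; i++)
        printf("%s%s", argv[i], i + 1 < argc ? " " : "\n");
    return argc < 0;
}
```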
If login is invoked without an argument, it asks for a
user name, and, if appropriate, a password. Echoing is
turned off (if possible) during the entering of the password,
so it will not appear on the written record of the
session.
After a successful login, accounting files are updated.
You are informed of the existence of mail, and the message
of the day and the time of last login are displayed. The
mail message, the message of the day, and the last login
time are suppressed if there is a file in the home directory;
this is mostly used to make life easier for users
such as uucp.
Security Note
If you have enhanced security installed on your system,
the login command prints the last successful and unsuccessful
login times and terminal devices. If the account
does not have a password and the authentication profile
for the account requires one, login starts the passwd command
to establish one for the account.
The login command prohibits you from logging in if any of
the following are true:
    The password for the account has expired and you cannot
    successfully change the password.
    The password lifetime for the account has passed.
    The administrative lock on the account was set.
    The maximum number of unsuccessful login attempts for the
    account was exceeded.
    The maximum number of unsuccessful login attempts for the
    terminal was exceeded.
    The administrative lock on the terminal was set.
    The terminal has an authorized user list and you are not
    on it.
    The terminal has time of day restrictions and the current
    time is not within them.
    The account was retired by the system administrator.
The login command initializes the user and group IDs and
the working directory, and then executes a command interpreter
according to specifications found in the password
file. Argument 0 (zero) of the command interpreter is the
name of the command interpreter with a leading - (dash).
The login command also modifies the environment with
information specifying home directory, command interpreter,
terminal type (if available), and user name.
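The argument 0 convention and the fresh environment built when -p is absent, as an added example that is not code from this page or from the login source. The struct acct layout, the function names, the variable names HOME, SHELL, USER and TERM, and the use of the interpreter's base name (as BSD-derived login programs do) are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ENV_LEN 256

/* Constructed stand-in for the password-file fields login reads. */
struct acct { const char *name, *home, *shell; };

/* argv[0] for the interpreter: its name with a leading '-'. */
int login_argv0(const char *shell, char *out, size_t len)
{
    const char *base = strrchr(shell, '/');
    base = base ? base + 1 : shell;        /* assumption: base name only */
    if (*base == '\0')
        return -1;                         /* path ends in '/', no interpreter name */
    int n = snprintf(out, len, "-%s", base);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Build the environment from scratch, so nothing inherited from the caller
 * survives. term may be NULL. Returns the entry count, or -1 on truncation. */
int login_env(const struct acct *a, const char *term,
              char store[4][ENV_LEN], char *env[5])
{
    const char *kv[4][2] = { {"HOME", a->home}, {"SHELL", a->shell},
                             {"USER", a->name}, {"TERM", term} };
    int n = 0;
    for (int i = 0; i < 4; i++) {
        if (kv[i][1] == NULL)
            continue;                      /* terminal type only if available */
        int w = snprintf(store[n], ENV_LEN, "%s=%s", kv[i][0], kv[i][1]);
        if (w < 0 || w >= ENV_LEN)
            return -1;                     /* refuse a silently truncated value */
        env[n] = store[n];
        n++;
    }
    env[n] = NULL;
    return n;
}

int main(void)
{
    struct acct a = { "alice", "/usr/users/alice", "/bin/ksh" };  /* constructed */
    char a0[64], store[4][ENV_LEN], *env[5];
    if (login_argv0(a.shell, a0, sizeof a0) || login_env(&a, "vt100", store, env) < 0)
        return 1;
    printf("exec %s as %s\n", a.shell, a0);
    for (int i = 0; env[i]; i++)
        puts(env[i]);
    return 0;
}
```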
Security Note
If you have enhanced security installed on your system,
the login command always allows root to log in at the console
to avoid the situation where all accounts and terminals
are locked.
If either /etc/nologin_hostname or /etc/nologin exists,
login prints the contents on your terminal and exits. The
shutdown command creates /etc/nologin_hostname (or
/etc/nologin in the case of a clusterwide shutdown) to
stop users from logging in when the system or cluster is
about to go down.
Login is recognized by sh, csh, and ksh and executed
directly (without forking).
The user name or the password is invalid. Consult your
system administrator.
Security Note
If you have enhanced security installed on your
system, you may see the following diagnostic messages:
          The login command cannot invoke the passwd program.
          The passwd program is invoked, the user is unable to
          change the password, and the account requires one.
          is allowed
          The login command is allowing a root login at the
          system console, despite a condition that would normally
          not allow such a login.
          The account is locked for one of the reasons previously
          listed.
          The terminal is locked for one of the reasons previously
          listed.
          You are not on the authorized user list for the terminal.
          The current time is not within the current time-of-day
          restrictions for the terminal.
After an unsuccessful login attempt, login waits a
specified (configurable) amount of time before it
prompts for another login attempt.
If the account's password was changed by another
user, login prints the time the password was
changed and the user who changed it.
If your password is about to expire, login warns
you of the time of the impending expiration. Your
system administrator sets the warning period.
Contains user and accounting information.
Contains login history.
Contains last login time stamps.
Mail directory.
Message of the day.
Contains user information.
Stops logins. In a cluster, /etc/nologin is used instead.
Suppresses mail notification, message of the day, and last
login time.
Commands: binmail(1), chfn(1), chsh(1), getty(8),
init(8), Mail(1), mail(1), mailx(1), passwd(1), rlogin(1),
shutdown(8)
Function: getpass(3)
Files: matrix.conf(4), passwd(4), utmp(4)
Security
login(1)