Content-type: text/html Man page of login

login

Section: User Commands (1)
Index Return to Main Contents
 

NAME

login - Signs the user on to the system  

SYNOPSIS

login [-p] [-h host] [[-f] user]

The login command is used when a user initially signs on to the system qnd also by daemons, such as ftp, to create a user's environment.

This security-sensitive command uses the SIA (Security Integration Architecture) routine as an interface to the security mechanism(s) that perform the actual user validation. See the matrix.conf(4) reference page for more information.
 

OPTIONS

With the exception of -p, these options are available only to the superuser. Used by telnetd and other servers to list the host from which the connection was received. Used with a user name user on the command line to indicate that proper authentication was already done and that no password needs to be requested. Causes the remainder of the environment to be preserved; otherwise, any previous environment is discarded.
 

DESCRIPTION

The invocation of login for initial sign-on is made by a system program or server using the privileged -h and -f forms of the login command.

If login is invoked without an argument, it asks for a user name, and, if appropriate, a password. Echoing is turned off (if possible) during the entering of the password, so it will not appear on the written record of the session.

After a successful login, accounting files are updated. You are informed of the existence of mail, and the message of the day and the time of last login are displayed. The mail message, the message of the day, and the last login time are suppressed if there is a .hushlogin file in the home directory; this is mostly used to make life easier for users such as uucp.

Security Note

If you have enhanced security installed on your system, the login command prints the last successful and unsuccessful login times and terminal devices. If the account does not have a password and the authentication profile for the account requires one, login starts the passwd command to establish one for the account.

The login command prohibits you from logging in if any of the following are true: The password for the account has expired and you cannot successfully change the password. The password lifetime for the account has passed. The administrative lock on the account was set. The maximum number of unsuccessful login attempts for the account was exceeded. The maximum number of unsuccessful login attempts for the terminal was exceeded. The administrative lock on the terminal was set. The terminal has an authorized user list and you are not on it. The terminal has time of day restrictions and the current time is not within them. The account was retired by the system administrator.

The login command initializes the user and group IDs and the working directory, then executes a command interpreter according to specifications found in the password file. Argument 0 (zero) of the command interpreter is the name of the command interpreter with a leading - (dash).

The login command also modifies the environment with information specifying home directory, command interpreter, terminal type (if available), and user name.

Security Note

If you have enhanced security installed on your system, the login command always allows root to log in at the console to avoid the situation where all accounts and terminals are locked.

If the file /etc/nologin exists, login prints its contents on your terminal and exits. This is used by shutdown to stop users from logging in when the system is about to go down. If the system is in a cluster, /etc/nologin_{hostname} is also checked

Login is recognized by sh, csh, and ksh and executed directly (without forking).
 

ERRORS

The user name or the password is invalid. Consult your system administrator.

Security Note
If you have enhanced security installed on your system, you may see the following diagnostic messages: The login command cannot invoke the passwd program. The passwd program is invoked, the user is unable to change the password, and the account requires one. is allowed
The login command is allowing a root login at the system console despite a condition that would normally not allow such a login. The account is locked for one of the reasons listed previously. The terminal is locked for one of the reasons listed previously. You are not on the authorized user list for the terminal. The current time is not within the current time-of-day restrictions for the terminal.
After an unsuccessful login attempt, login waits a specified (configurable) amount of time before it prompts for another login attempt.
If the account's password was changed by another user, login prints the time the password was changed and the user who changed it.
If your password is about to expire, login warns you of the time of the impending expiration. Your system administrator sets the warning period.

 

FILES

Contains user and accounting information. Contains login history. Contains last login time stamps. Mail directory. Message of the day. Contains user information. Stops logins. In a cluster there is also /etc/nologin_{hostname}. Suppresses mail notification, message of the day, and last login time.
 

SEE ALSO

Commands:  init(8), getty(8), mail(1), binmail(1), mailx(1), Mail(1), passwd(1), chfn(1), chsh(1), rlogin(1), shutdown(8)

Functions:  getpass(3)

Files:  matrix.conf(4), passwd(4), utmp(4)

Security


 

Index

NAME
SYNOPSIS
OPTIONS
DESCRIPTION
ERRORS
FILES
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 02:42:45 GMT, October 02, 2010