SunOS man pages : login (1)
User Commands login(1)
NAME
login - sign on to the system
SYNOPSIS
login [ -p ] [ -d device ] [ -h hostname | [ terminal ] |
-r hostname ] [ name [ environ ] ... ]
DESCRIPTION
The login command is used at the beginning of each terminal
session to identify oneself to the system. login is invoked
by the system when a connection is first established, after
the previous user has terminated the login shell by issuing
the exit command.
If login is invoked as a command, it must replace the ini-
tial command interpreter. To invoke login in this fashion,
type:
exec login
from the initial shell. The C shell and Korn shell have
their own builtins of login. See ksh(1) and csh(1) for
descriptions of login builtins and usage.
login asks for your user name, if it is not supplied as an
argument, and your password, if appropriate. Where possible,
echoing is turned off while you type your password, so it
will not appear on the written record of the session.
If you make any mistake in the login procedure, the message:
Login incorrect
is printed and a new login prompt will appear. If you make
five incorrect login attempts, all five may be logged in
/var/adm/loginlog, if it exists. The TTY line will be
dropped.
If password aging is turned on and the password has "aged"
(see passwd(1) for more information), the user is forced to
changed the password. In this case the /etc/nsswitch.conf
file is consulted to determine password repositories (see
nsswitch.conf(4)). The password update configurations sup-
ported are limited to the following five cases.
o passwd: files
o passwd: files nis
SunOS 5.8 Last change: 11 Aug 1999 1
User Commands login(1)
o passwd: files nisplus
o passwd: compat (==> files nis)
o passwd: compat (==> files nisplus)
passwd_compat: nisplus
Failure to comply with the configurations will prevent the
user from logging onto the system because passwd(1) will
fail. If you do not complete the login successfully within a
certain period of time, it is likely that you will be
silently disconnected.
After a successful login, accounting files are updated. Dev-
ice owner, group, and permissions are set according to the
contents of the /etc/logindevperm file, and the time you
last logged in is printed (see logindevperm(4)).
The user-ID, group-ID, supplementary group list, and working
directory are initialized, and the command interpreter (usu-
ally ksh) is started.
The basic environment is initialized to:
HOME=your-login-directory
LOGNAME=your-login-name
PATH=/usr/bin:
SHELL=last-field-of-passwd-entry
MAIL=/var/mail/TZ=timezone-specification
For Bourne shell and Korn shell logins, the shell executes
/etc/profile and $HOME/.profile, if it exists. For C shell
logins, the shell executes /etc/.login, $HOME/.cshrc , and
$HOME/.login . The default /etc/profile and /etc/.login
files check quotas (see quota(1M)), print /etc/motd, and
check for mail. None of the messages are printed if the file
$HOME/.hushlogin exists. The name of the command inter-
preter is set to - (dash), followed by the last component of
the interpreter's path name, for example, -sh.
If the login-shell field in the password file (see
passwd(4)) is empty, then the default command interpreter,
/usr/bin/sh, is used. If this field is * (asterisk), then
the named directory becomes the root directory. At that
point, login is re-executed at the new level, which must
have its own root structure.
SunOS 5.8 Last change: 11 Aug 1999 2
User Commands login(1)
The environment may be expanded or modified by supplying
additional arguments to login, either at execution time or
when login requests your login name. The arguments may take
either the form xxx or xxx=yyy. Arguments without an =
(equal sign) are placed in the environment as:
Ln=xxx
where n is a number starting at 0 and is incremented each
time a new variable name is required. Variables containing
an = (equal sign) are placed in the environment without
modification. If they already appear in the environment,
then they replace the older values.
There are two exceptions: The variables PATH and SHELL can-
not be changed. This prevents people logged into restricted
shell environments from spawning secondary shells that are
not restricted. login understands simple single-character
quoting conventions. Typing a \ (backslash) in front of a
character quotes it and allows the inclusion of such charac-
ters as spaces and tabs.
Alternatively, you can pass the current environment by sup-
plying the -p flag to login. This flag indicates that all
currently defined environment variables should be passed, if
possible, to the new environment. This option does not
bypass any environment variable restrictions mentioned
above. Environment variables specified on the login line
take precedence, if a variable is passed by both methods.
To enable remote logins by root, edit the /etc/default/login
file by inserting a # (pound sign) before the
CONSOLE=/dev/console entry. See FILES.
SECURITY
The login command uses pam(3PAM) for authentication, account
management, session management, and password management. The
PAM configuration policy, listed through /etc/pam.conf,
specifies the modules to be used for login. Here is a par-
tial pam.conf file with entries for the login command using
the UNIX authentication, account management, session manage-
ment, and password management module.
login auth required /usr/lib/security/pam_unix.so.1
login account required /usr/lib/security/pam_unix.so.1
login session required /usr/lib/security/pam_unix.so.1
login password required /usr/lib/security/pam_unix.so.1
If there are no entries for the login service, then the
entries for the "other" service will be used. If multiple
SunOS 5.8 Last change: 11 Aug 1999 3
User Commands login(1)
authentication modules are listed, then the user may be
prompted for multiple passwords.
When login is invoked through rlogind or telnetd, the ser-
vice name used by PAM is rlogin or telnet respectively.
OPTIONS
The following options are supported:
-d device
login accepts a device option, device. device is taken
to be the path name of the TTY port login is to
operate on. The use of the device option can be
expected to improve login performance, since login
will not need to call ttyname(3C). The -d option is
available only to users whose UID and effective UID
are root. Any other attempt to use -d will cause login
to quietly exit.
-h hostname [ terminal ]
Used by in.telnetd(1M) to pass information about the
remote host and terminal type.
-p Used to pass environment variables to the login shell.
-r hostname
Used by in.rlogind(1M) to pass information about the
remote host.
EXIT STATUS
The following exit values are returned:
0 Successful operation.
non-zero
Error.
FILES
$HOME/.cshrc
initial commands for each csh
$HOME/.hushlogin
suppresses login messages
$HOME/.login
user's login commands for csh
$HOME/.profile
user's login commands for sh and ksh
$HOME/.rhosts
private list of trusted hostname/username combinations
SunOS 5.8 Last change: 11 Aug 1999 4
User Commands login(1)
/etc/.login
system-wide csh login commands
/etc/logindevperm
login-based device permissions
/etc/motd
message-of-the-day
/etc/nologin
message displayed to users attempting to login during
machine shutdown
/etc/passwd
password file
/etc/profile
system-wide sh and ksh login commands
/etc/shadow
list of users' encrypted passwords
/usr/bin/sh
user's default command interpreter
/var/adm/lastlog
time of last login
/var/adm/loginlog
record of failed login attempts
/var/adm/utmp
accounting
/var/adm/wtmp
accounting
/var/mail/your-name
mailbox for user your-name
/etc/default/login
Default value can be set for the following flags in
/etc/default/login. For example: TIMEZONE=EST5EDT
TIMEZONE
Sets the TZ environment variable of the shell
(see environ(5)).
HZ Sets the HZ environment variable of the shell.
ULIMIT
Sets the file size limit for the login. Units
SunOS 5.8 Last change: 11 Aug 1999 5
User Commands login(1)
are disk blocks. Default is zero (no limit).
CONSOLE
If set, root can login on that device only. This
will not prevent execution of remote commands
with rsh(1). Comment out this line to allow
login by root.
PASSREQ
Determines if login requires a non-null pass-
word.
ALTSHELL
Determines if login should set the SHELL
environment variable.
PATH Sets the initial shell PATH variable.
SUPATH
Sets the initial shell PATH variable for root.
TIMEOUT
Sets the number of seconds (between 0 and 900)
to wait before abandoning a login session.
UMASK Sets the initial shell file creation mode mask.
See umask(1).
SYSLOG
Determines whether the syslog(3C) LOG_AUTH
facility should be used to log all root logins
at level LOG_NOTICE and multiple failed login
attempts atLOG_CRIT.
SLEEPTIME
If present, sets the number of seconds to wait
before login failure is printed to the screen
and another login attempt is allowed. Default is
4 seconds. Minimum is 0 seconds. Maximum is 5
seconds.
RETRIES
Sets the number of retries for logging in (see
pam(3PAM)). The default is 5.
SYSLOG_FAILED_LOGINS
Used to determine how many failed login attempts
will be allowed by the system before a failed
login message is logged, using the syslog(3C)
LOG_NOTICE facility. For example, if the vari-
able is set to 0, login will log all failed
login attempts.
SunOS 5.8 Last change: 11 Aug 1999 6
User Commands login(1)
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
csh(1), exit(1), ksh(1), mail(1), mailx(1), newgrp(1),
passwd(1), rlogin(1), rsh(1), sh(1), shell_builtins(1), telnet(1)
, umask(1), admintool(1M), in.rlogind(1M),
in.telnetd(1M), logins(1M), quota(1M), su(1M), syslogd(1M),
useradd(1M), userdel(1M), pam(3PAM), rcmd(3SOCKET),
syslog(3C), ttyname(3C), hosts.equiv(4), logindevperm(4),
loginlog(4), nologin(4), nsswitch.conf(4), pam.conf(4),
passwd(4), profile(4), shadow(4), utmp(4), wtmp(4), attributes(5)
, environ(5), pam_unix(5), termio(7I)
DIAGNOSTICS
Login incorrect
The user name or the password cannot be matched.
Not on system console
Root login denied. Check the CONSOLE setting in
/etc/default/login.
No directory! Logging in with home=/
The user's home directory named in the passwd(4) data-
base cannot be found or has the wrong permissions.
Contact your system administrator.
No shell
Cannot execute the shell named in the passwd(4) data-
base. Contact your system administrator.
NO LOGINS: System going down in N minutes
The machine is in the process of being shut down and
logins have been disabled.
WARNINGS
Users with a UID greater than 76695844 are not subject to
password aging, and the system does not record their last
login time.
If you use the CONSOLE setting to disable root logins, you
should arrange that remote command execution by root is also
disabled. See rsh(1), rcmd(3SOCKET), and hosts.equiv(4) for
further details.
SunOS 5.8 Last change: 11 Aug 1999 7
|
 |
|
|
