unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



login(1)							     login(1)



NAME

  login	- Signs	the user on to the system

SYNOPSIS

  login	[-p] [-h host] [[-f] user]

  The login command is used when a user	initially signs	on to the system and
  also by daemons, such	as ftp,	to create a user's environment.

  This security-sensitive command uses the Security Integration	Architecture
  (SIA)	routine	as an interface	to the security	mechanism(s) that perform the
  actual user validation. See the matrix.conf(4) reference page	for more
  information.

OPTIONS

  With the exception of	-p, these options are available	only to	the
  superuser.

  -h host
      Used by telnetd and other	servers	to list	the host from which the	con-
      nection was received.

  -f  Used with	a user name user on the	command	line to	indicate that proper
      authentication was already done, and that	no password needs to be
      requested.

  -p  Causes the remainder of the environment to be preserved; otherwise, any
      previous environment is discarded.

DESCRIPTION

  The invocation of login for initial signon is	made by	a system program or
  server using the privileged -h and -f	forms of the login command.

  If login is invoked without an argument, it asks for a user name, and, if
  appropriate, a password.  Echoing is turned off (if possible)	during the
  entering of the password, so it will not appear on the written record	of
  the session.

  After	a successful login, accounting files are updated.  You are informed
  of the existence of mail, and	the message of the day and the time of last
  login	are displayed.	The mail message, the message of the day, and the
  last login time are suppressed if there is a .hushlogin file in the home
  directory; this is mostly used to make life easier for users such as uucp.






				 Security Note

       If you have enhanced security installed on your system, the login com-
       mand prints the last successful and unsuccessful	login times and	ter-
       minal devices.  If the account does not have a password and the
       authentication profile for the account requires one, login starts the
       passwd command to establish one for the account.

       The login command prohibits you from logging in if any of the follow-
       ing are true:

	 +  The	password for the account has expired and you cannot success-
	    fully change the password.

	 +  The	password lifetime for the account has passed.

	 +  The	administrative lock on the account was set.

	 +  The	maximum	number of unsuccessful login attempts for the account
	    was	exceeded.

	 +  The	maximum	number of unsuccessful login attempts for the termi-
	    nal	was exceeded.

	 +  The	administrative lock on the terminal was	set.

	 +  The	terminal has an	authorized user	list and you are not on	it.

	 +  The	terminal has time of day restrictions and the current time is
	    not	within them.

	 +  The	account	was retired by the system administrator.

  The login command initializes	the user and group IDs and the working direc-
  tory,	and then executes a command interpreter	 according to specifications
  found	in the password	file. Argument 0 (zero)	of the command interpreter is
  the name of the command interpreter with a leading - (dash).

  The login command also modifies the environment with information specifying
  home directory, command interpreter, terminal	type (if available), and user
  name.

				 Security Note

       If you have enhanced security installed on your system, the login com-
       mand always allows root to log in at the	console	to avoid the situa-
       tion where all accounts and terminals are locked.

  If either /etc/nologin_hostname or /etc/nologin exists, login	prints the
  contents on your terminal and	exits. The shutdown command creates
  /etc/nologin_hostname	(or /etc/nologin in  the case of a clusterwide shut-
  down)	to stop	users from logging in when  the	system or cluster is about to
  go down.

  Login	is recognized by sh, csh, and ksh and executed directly	(without
  forking).

ERRORS

  Login	incorrect
      The user name or the password is invalid.

  No Shell, cannot open	password file, no directory
      Consult your system administrator.



				   Security Note

	 If you	have enhanced security installed on your system, you may see
	 the following diagnostic messages:

	   Cannot execute passwd program
	       The login command cannot	invoke the passwd program.

	   Login aborted due to	no password
	       The passwd program is invoked, the user is unable to change
	       the password, and the account requires one.

	   Account/Terminal is disabled	but console login
	       is allowed

	       The login command is allowing a root login at the system	con-
	       sole, despite a condition that would normally not allow such a
	       login.

	   Account is disabled - see System Admin
	       The account is locked for one of	the reasons previously
	       listed.

	   Terminal is disabled	- see System Admin
	       The terminal is locked for one of the reasons previously
	       listed.

	   Not authorized for terminal access -	see System Admin
	       You are not on the authorized user list for the terminal.

	   Wrong time period to	log into this terminal
	       The current time	is not within the current time-of-day res-
	       trictions for the terminal.

	 After an unsuccessful login attempt, login waits a specified (confi-
	 gurable) amount of time before	it prompts for another login attempt.

	 If the	account's password was changed by another user,	login prints
	 the time the password was changed and the user	who changed it.

	 If your password is about to expire, login warns you of the time of
	 the impending expiration.  Your system	administrator sets the warn-
	 ing period.



FILES

  /var/adm/utmp
      Contains user and	accounting information.

  /var/adm/wtmp
      Contains login history.

  /usr/adm/lastlog
      Contains last login time stamps.

  /var/spool/mail/*
      Mail directory.

  /etc/motd
      Message of the day.

  /etc/passwd
      Contains user information.

  /etc/nologin_hostname
      Stops logins. In a cluster, /etc/nologin is used instead.

  .hushlogin
      Suppresses mail notification, message of the day,	and last login time.

SEE ALSO

  Commands:   binmail(1), chfn(1), chsh(1), getty(8), init(8), Mail(1),
  mail(1), mailx(1), passwd(1),	rlogin(1), shutdown(8)

  Function:  getpass(3)

  Files:  matrix.conf(4), passwd(4), utmp(4)

  Security