|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
User Commands login(1)
NAME
login - sign on to the system
SYNOPSIS
login [-p] [-d device] [-R repository] [-s service] [-t ter-
minal] [-u identity] [-U ruser] [-h hostname [terminal] |
-r hostname] [ name [environ]...]
DESCRIPTION
The login command is used at the beginning of each terminal
session to identify oneself to the system. login is invoked
by the system when a connection is first established, after
the previous user has terminated the login shell by issuing
the exit command.
If login is invoked as a command, it must replace the ini-
tial command interpreter. To invoke login in this fashion,
type:
exec login
from the initial shell. The C shell and Korn shell have
their own builtins of login. See ksh(1) and csh(1) for
descriptions of login builtins and usage.
login asks for your user name, if it is not supplied as an
argument, and your password, if appropriate. Where possible,
echoing is turned off while you type your password, so it
will not appear on the written record of the session.
If you make any mistake in the login procedure, the message:
Login incorrect
is printed and a new login prompt will appear. If you make
five incorrect login attempts, all five may be logged in
/var/adm/loginlog, if it exists. The TTY line will be
dropped.
If password aging is turned on and the password has "aged"
(see passwd(1) for more information), the user is forced to
changed the password. In this case the /etc/nsswitch.conf
file is consulted to determine password repositories (see
nsswitch.conf(4)). The password update configurations sup-
ported are limited to the following five cases.
o passwd: files
o passwd: files nis
o passwd: files nisplus
SunOS 5.10 Last change: 24 May 2005 1
User Commands login(1)
o passwd: compat (==> files nis)
o passwd: compat (==> files nisplus)
passwd_compat: nisplus
Failure to comply with the configurations will prevent the
user from logging onto the system because passwd(1) will
fail. If you do not complete the login successfully within a
certain period of time, it is likely that you will be
silently disconnected.
After a successful login, accounting files are updated. Dev-
ice owner, group, and permissions are set according to the
contents of the /etc/logindevperm file, and the time you
last logged in is printed (see logindevperm(4)).
The user-ID, group-ID, supplementary group list, and working
directory are initialized, and the command interpreter (usu-
ally ksh) is started.
The basic environment is initialized to:
HOME=your-login-directory
LOGNAME=your-login-name
PATH=/usr/bin:
SHELL=last-field-of-passwd-entry
MAIL=/var/mail/
TZ=timezone-specification
For Bourne shell and Korn shell logins, the shell executes
/etc/profile and $HOME/.profile, if it exists. For C shell
logins, the shell executes /etc/.login, $HOME/.cshrc, and
$HOME/.login. The default /etc/profile and /etc/.login files
check quotas (see quota(1M)), print /etc/motd, and check for
mail. None of the messages are printed if the file
$HOME/.hushlogin exists. The name of the command inter-
preter is set to - (dash), followed by the last component of
the interpreter's path name, for example, -sh.
If the login-shell field in the password file (see
passwd(4)) is empty, then the default command interpreter,
/usr/bin/sh, is used. If this field is * (asterisk), then
the named directory becomes the root directory. At that
point, login is re-executed at the new level, which must
have its own root structure.
The environment may be expanded or modified by supplying
additional arguments to login, either at execution time or
when login requests your login name. The arguments may take
SunOS 5.10 Last change: 24 May 2005 2
User Commands login(1)
either the form xxx or xxx=yyy. Arguments without an =
(equal sign) are placed in the environment as:
Ln=xxx
where n is a number starting at 0 and is incremented each
time a new variable name is required. Variables containing
an = (equal sign) are placed in the environment without
modification. If they already appear in the environment,
then they replace the older values.
There are two exceptions: The variables PATH and SHELL can-
not be changed. This prevents people logged into restricted
shell environments from spawning secondary shells that are
not restricted. login understands simple single-character
quoting conventions. Typing a \ (backslash) in front of a
character quotes it and allows the inclusion of such charac-
ters as spaces and tabs.
Alternatively, you can pass the current environment by sup-
plying the -p flag to login. This flag indicates that all
currently defined environment variables should be passed, if
possible, to the new environment. This option does not
bypass any environment variable restrictions mentioned
above. Environment variables specified on the login line
take precedence, if a variable is passed by both methods.
To enable remote logins by root, edit the /etc/default/login
file by inserting a # (pound sign) before the
CONSOLE=/dev/console entry. See FILES.
SECURITY
For accounts in name services which support automatic
account locking, the account may be configured to be
automatically locked (see user_attr(4) and policy.conf(4))
if successive failed login attempts equals or exceeds
RETRIES. Currently, only the "files" repository (see
passwd(4) and shadow(4)) supports automatic account locking.
See also pam_unix_auth(5).
The login command uses pam(3PAM) for authentication, account
management, session management, and password management. The
PAM configuration policy, listed through /etc/pam.conf,
specifies the modules to be used for login. Here is a par-
tial pam.conf file with entries for the login command using
the UNIX authentication, account management, and session
management modules:
login auth required pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
SunOS 5.10 Last change: 24 May 2005 3
User Commands login(1)
login auth required pam_dial_auth.so.1
login account requisite pam_roles.so.1
login account required pam_projects.so.1
login account required pam_unix_account.so.1
login session required pam_unix_session.so.1
The Password Management stack looks like the following:
other password required pam_dhkeys.so.1
other password requisite pam_authtok_get.so.1
other password requisite pam_authtok_check.so.1
other password required pam_authtok_store.so.1
If there are no entries for the service, then the entries
for the "other" service will be used. If multiple authenti-
cation modules are listed, then the user may be prompted for
multiple passwords.
When login is invoked through rlogind or telnetd, the ser-
vice name used by PAM is rlogin or telnet, respectively.
OPTIONS
The following options are supported:
-d device
login accepts a device option, device. device is taken
to be the path name of the TTY port login is to operate
on. The use of the device option can be expected to
improve login performance, since login will not need to
call ttyname(3C). The -d option is available only to
users whose UID and effective UID are root. Any other
attempt to use -d will cause login to quietly exit.
-h hostname [ terminal ]
Used by in.telnetd(1M) to pass information about the
remote host and terminal type.
Terminal type as a second argument to the -h option
should not start with a hyphen (-).
-p
SunOS 5.10 Last change: 24 May 2005 4
User Commands login(1)
Used to pass environment variables to the login shell.
-r hostname
Used by in.rlogind(1M) to pass information about the
remote host.
-R repository
Used to specify the PAM repository that should be used
to tell PAM about the "identity" (see option -u below).
If no "identity" information is passed, the repository
is not used.
-s service
Indicates the PAM service name that should be used. Nor-
mally, this argument is not necessary and is used only
for specifying alternative PAM service names. For exam-
ple: "ktelnet" for the Kerberized telnet process.
-u identity
Specifies the "identity" string associated with the user
who is being authenticated. This will usually not be the
same as that user's Unix login name. For Kerberized
login sessions, this will be the Kerberos principal name
associated with the user.
-U ruser
Indicates the name of the person attempting to login on
the remote side of the rlogin connection. When
in.rlogind(1M) is operating in Kerberized mode, that
daemon will process the terminal and remote user name
information prior to invoking login, so the "ruser" data
is indicated using this command line parameter. Normally
(non-Kerberos authenticated rlogin), the login daemon
will read the remote user information from the client.
SunOS 5.10 Last change: 24 May 2005 5
User Commands login(1)
EXIT STATUS
The following exit values are returned:
0 Successful operation.
non-zero Error.
FILES
$HOME/.cshrc initial commands for each csh
$HOME/.hushlogin suppresses login messages
$HOME/.login user's login commands for csh
$HOME/.profile user's login commands for sh and ksh
$HOME/.rhosts private list of trusted
hostname/username combinations
/etc/.login system-wide csh login commands
/etc/issue issue or project identification
/etc/logindevperm login-based device permissions
/etc/motd message-of-the-day
/etc/nologin message displayed to users attempt-
ing to login during machine shutdown
SunOS 5.10 Last change: 24 May 2005 6
User Commands login(1)
/etc/passwd password file
/etc/profile system-wide sh and ksh login com-
mands
/etc/shadow list of users' encrypted passwords
/usr/bin/sh user's default command interpreter
/var/adm/lastlog time of last login
/var/adm/loginlog record of failed login attempts
/var/adm/utmpx accounting
/var/adm/wtmpx accounting
/var/mail/your-name mailbox for user your-name
/etc/default/login Default value can be set for the
following flags in
/etc/default/login. Default values
are specified as comments in the
/etc/default/login file, for exam-
ple, TIMEZONE=EST5EDT.
TIMEZONE
Sets the TZ environment variable
of the shell (see environ(5)).
SunOS 5.10 Last change: 24 May 2005 7
User Commands login(1)
HZ
Sets the HZ environment variable
of the shell.
ULIMIT
Sets the file size limit for the
login. Units are disk blocks.
Default is zero (no limit).
CONSOLE
If set, root can login on that
device only. This will not
prevent execution of remote com-
mands with rsh(1). Comment out
this line to allow login by
root.
PASSREQ
Determines if login requires a
non-null password.
ALTSHELL
Determines if login should set
the SHELL environment variable.
PATH
Sets the initial shell PATH
variable.
SUPATH
Sets the initial shell PATH
variable for root.
SunOS 5.10 Last change: 24 May 2005 8
User Commands login(1)
TIMEOUT
Sets the number of seconds
(between 0 and 900) to wait
before abandoning a login ses-
sion.
UMASK
Sets the initial shell file
creation mode mask. See
umask(1).
SYSLOG
Determines whether the
syslog(3C) LOG_AUTH facility
should be used to log all root
logins at level LOG_NOTICE and
multiple failed login attempts
atLOG_CRIT.
DISABLETIME
If present, and greater than
zero, the number of seconds that
login will wait after RETRIES
failed attempts or the PAM
framework returns PAM_ABORT.
Default is 20 seconds. Minimum
is 0 seconds. No maximum is
imposed.
SLEEPTIME
If present, sets the number of
seconds to wait before the login
failure message is printed to
the screen. This is for any
login failure other than
PAM_ABORT. Another login attempt
is allowed, providing RETRIES
has not been reached or the PAM
framework is returned
SunOS 5.10 Last change: 24 May 2005 9
User Commands login(1)
PAM_MAXTRIES. Default is 4
seconds. Minimum is 0 seconds.
Maximum is 5 seconds.
Both su(1M) and sulogin(1M) are
affected by the value of SLEEP-
TIME.
RETRIES
Sets the number of retries for
logging in (see pam(3PAM)). The
default is 5. The maximum number
of retries is 15. For accounts
configured with automatic lock-
ing (see SECURITY above), the
account is locked and login
exits. If automatic locking has
not been configured, login exits
without locking the account.
SYSLOG_FAILED_LOGINS
Used to determine how many
failed login attempts will be
allowed by the system before a
failed login message is logged,
using the syslog(3C) LOG_NOTICE
facility. For example, if the
variable is set to 0, login will
log all failed login attempts.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SunOS 5.10 Last change: 24 May 2005 10
User Commands login(1)
SEE ALSO
csh(1), exit(1), ksh(1), mail(1), mailx(1), newgrp(1),
passwd(1), rlogin(1), rsh(1), sh(1), shell_builtins(1), tel-
net(1), umask(1), in.rlogind(1M), in.telnetd(1M),
logins(1M), quota(1M), su(1M), sulogin(1M), syslogd(1M),
useradd(1M), userdel(1M), pam(3PAM), rcmd(3SOCKET),
syslog(3C), ttyname(3C), auth_attr(4), exec_attr(4),
hosts.equiv(4), issue(4), logindevperm(4), loginlog(4),
nologin(4), nsswitch.conf(4), pam.conf(4), passwd(4),
policy.conf(4), profile(4), shadow(4), user_attr(4),
utmpx(4), wtmpx(4), attributes(5), environ(5),
pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5),
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
termio(7I)
DIAGNOSTICS
Login incorrect
The user name or the password cannot be matched.
Not on system console
Root login denied. Check the CONSOLE setting in
/etc/default/login.
No directory! Logging in with home=/
The user's home directory named in the passwd(4) data-
base cannot be found or has the wrong permissions. Con-
tact your system administrator.
No shell
Cannot execute the shell named in the passwd(4) data-
base. Contact your system administrator.
NO LOGINS: System going down in N minutes
The machine is in the process of being shut down and
logins have been disabled.
SunOS 5.10 Last change: 24 May 2005 11
User Commands login(1)
WARNINGS
Users with a UID greater than 76695844 are not subject to
password aging, and the system does not record their last
login time.
If you use the CONSOLE setting to disable root logins, you
should arrange that remote command execution by root is also
disabled. See rsh(1), rcmd(3SOCKET), and hosts.equiv(4) for
further details.
NOTES
The pam_unix(5) module is no longer supported. Similar func-
tionality is provided by pam_unix_account(5),
pam_unix_auth(5), pam_unix_session(5), pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), and
pam_passwd_auth(5).
SunOS 5.10 Last change: 24 May 2005 12
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:25:03 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5086 hits)
(openSUSE 10.2)
adv_cap_autoneg man page (4749 hits)
(Solaris 10 11_06)
CPAN man page (4470 hits)
(Suse Linux 10.1)
svn man page (4256 hits)
(FreeBSD 6.2)
ssh man page (4249 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2211 hits)
(Solaris 10 11_06)
startproc man page (2203 hits)
(Suse Linux 10.1)
netcat man page (2163 hits)
(Suse Linux 10.1)
pprosetup man page (2020 hits)
(Solaris 10 11_06)
signal man page (2010 hits)
(Suse Linux 10.1)
|
Man Pages 
