 |
Index for
Section 1 |
|
 |
Alphabetical
listing for L |
|
 |
Bottom of
page |
|
login(1)
NAME
login - Signs the user on to the system
SYNOPSIS
login [-p] [-h host] [[-f] user]
The login command is used when a user initially signs on to the system and
also by daemons, such as ftp, to create a user's environment.
This security-sensitive command uses the Security Integration Architecture
(SIA) routine as an interface to the security mechanism(s) that perform the
actual user validation. See the matrix.conf(4) reference page for more
information.
OPTIONS
With the exception of -p, these options are available only to the
superuser.
-h host
Used by telnetd and other servers to list the host from which the
connection was received.
-f Used with a user name user on the command line to indicate that proper
authentication was already done, and that no password needs to be
requested.
-p Causes the remainder of the environment to be preserved; otherwise, any
previous environment is discarded.
DESCRIPTION
The invocation of login for initial signon is made by a system program or
server using the privileged -h and -f forms of the login command.
If login is invoked without an argument, it asks for a user name, and, if
appropriate, a password. Echoing is turned off (if possible) during the
entering of the password, so it will not appear on the written record of
the session.
After a successful login, accounting files are updated. You are informed
of the existence of mail, and the message of the day and the time of last
login are displayed. The mail message, the message of the day, and the
last login time are suppressed if there is a .hushlogin file in the home
directory; this is mostly used to make life easier for users such as uucp.
Security Note
If you have enhanced security installed on your system, the login
command prints the last successful and unsuccessful login times and
terminal devices. If the account does not have a password and the
authentication profile for the account requires one, login starts the
passwd command to establish one for the account.
The login command prohibits you from logging in if any of the
following are true:
· The password for the account has expired and you cannot
successfully change the password.
· The password lifetime for the account has passed.
· The administrative lock on the account was set.
· The maximum number of unsuccessful login attempts for the account
was exceeded.
· The maximum number of unsuccessful login attempts for the
terminal was exceeded.
· The administrative lock on the terminal was set.
· The terminal has an authorized user list and you are not on it.
· The terminal has time of day restrictions and the current time is
not within them.
· The account was retired by the system administrator.
The login command initializes the user and group IDs and the working
directory, and then executes a command interpreter according to
specifications found in the password file. Argument 0 (zero) of the command
interpreter is the name of the command interpreter with a leading - (dash).
The login command also modifies the environment with information specifying
home directory, command interpreter, terminal type (if available), and user
name.
Security Note
If you have enhanced security installed on your system, the login
command always allows root to log in at the console to avoid the
situation where all accounts and terminals are locked.
If either /etc/nologin_hostname or /etc/nologin exists, login prints the
contents on your terminal and exits. The shutdown command creates
/etc/nologin_hostname (or /etc/nologin in the case of a clusterwide
shutdown) to stop users from logging in when the system or cluster is
about to go down.
Login is recognized by sh, csh, and ksh and executed directly (without
forking).
ERRORS
Login incorrect
The user name or the password is invalid.
No Shell, cannot open password file, no directory
Consult your system administrator.
Security Note
If you have enhanced security installed on your system, you may see
the following diagnostic messages:
Cannot execute passwd program
The login command cannot invoke the passwd program.
Login aborted due to no password
The passwd program is invoked, the user is unable to change
the password, and the account requires one.
Account/Terminal is disabled but console login
is allowed
The login command is allowing a root login at the system
console, despite a condition that would normally not allow
such a login.
Account is disabled - see System Admin
The account is locked for one of the reasons previously
listed.
Terminal is disabled - see System Admin
The terminal is locked for one of the reasons previously
listed.
Not authorized for terminal access - see System Admin
You are not on the authorized user list for the terminal.
Wrong time period to log into this terminal
The current time is not within the current time-of-day
restrictions for the terminal.
After an unsuccessful login attempt, login waits a specified
(configurable) amount of time before it prompts for another login
attempt.
If the account's password was changed by another user, login prints
the time the password was changed and the user who changed it.
If your password is about to expire, login warns you of the time of
the impending expiration. Your system administrator sets the
warning period.
FILES
/var/adm/utmp
Contains user and accounting information.
/var/adm/wtmp
Contains login history.
/usr/adm/lastlog
Contains last login time stamps.
/var/spool/mail/*
Mail directory.
/etc/motd
Message of the day.
/etc/passwd
Contains user information.
/etc/nologin_hostname
Stops logins. In a cluster, /etc/nologin is used instead.
.hushlogin
Suppresses mail notification, message of the day, and last login time.
SEE ALSO
Commands: binmail(1), chfn(1), chsh(1), getty(8), init(8), Mail(1),
mail(1), mailx(1), passwd(1), rlogin(1), shutdown(8)
Function: getpass(3)
Files: matrix.conf(4), passwd(4), utmp(4)
Security
|
Index for
Section 1 |
|
|
Alphabetical
listing for L |
|
 |
Top of
page |
|