login - sign on to the system


     login  [-p]  [-d device]   [-h hostname   |   [terminal]   |
     -r hostname]  [  name [environ]...]


     The login command is used at the beginning of each  terminal
     session  to identify oneself to the system. login is invoked
     by the system when a connection is first established,  after
     the  previous user has terminated the login shell by issuing
     the exit command.

     If login is invoked as a command, it must replace  the  ini-
     tial  command  interpreter. To invoke login in this fashion,

     exec login

     from the initial shell. The C  shell  and  Korn  shell  have
     their  own  builtins  of  login.  See  ksh(1) and csh(1) for
     descriptions of login builtins and usage.

     login asks for your user name, if it is not supplied  as  an
     argument, and your password, if appropriate. Where possible,
     echoing is turned off while you type your  password,  so  it
     will not appear on the written record of the session.

     If you make any mistake in the login procedure, the message:

     Login incorrect

     is printed and a new login prompt will appear. If  you  make
     five  incorrect  login  attempts,  all five may be logged in
     /var/adm/loginlog, if  it  exists.  The  TTY  line  will  be

     If password aging is turned on and the password  has  "aged"
     (see  passwd(1) for more information), the user is forced to
     changed the password. In this  case  the  /etc/nsswitch.conf
     file  is  consulted  to determine password repositories (see
     nsswitch.conf(4)). The password update  configurations  sup-
     ported are limited to the following five cases.

        o  passwd: files

        o  passwd: files nis

        o  passwd: files nisplus

        o  passwd: compat (==> files nis)
        o  passwd: compat (==> files nisplus)

     passwd_compat: nisplus

     Failure to comply with the configurations will  prevent  the
     user  from  logging  onto  the system because passwd(1) will
     fail. If you do not complete the login successfully within a
     certain  period  of  time,  it  is  likely  that you will be
     silently disconnected.

     After a successful login, accounting files are updated. Dev-
     ice  owner,  group, and permissions are set according to the
     contents of the /etc/logindevperm file,  and  the  time  you
     last logged in is printed (see logindevperm(4)).

     The user-ID, group-ID, supplementary group list, and working
     directory are initialized, and the command interpreter (usu-
     ally ksh) is started.

     The basic environment is initialized to:


     For Bourne shell and Korn shell logins, the  shell  executes
     /etc/profile  and  $HOME/.profile, if it exists. For C shell
     logins, the shell executes  /etc/.login,  $HOME/.cshrc,  and
     $HOME/.login. The default /etc/profile and /etc/.login files
     check quotas (see quota(1M)), print /etc/motd, and check for
     mail.   None  of  the  messages  are  printed  if  the  file
     $HOME/.hushlogin  exists. The name  of  the  command  inter-
     preter is set to - (dash), followed by the last component of
     the interpreter's path name, for example, -sh.

     If  the  login-shell  field  in  the  password   file   (see
     passwd(4))  is  empty, then the default command interpreter,
     /usr/bin/sh, is used. If this field is  *  (asterisk),  then
     the  named  directory  becomes  the  root directory. At that
     point, login is re-executed at the  new  level,  which  must
     have its own root structure.

     The environment may be expanded  or  modified  by  supplying
     additional  arguments  to login, either at execution time or
     when login requests your login name. The arguments may  take
     either  the  form  xxx  or  xxx=yyy.  Arguments without an =
     (equal sign) are placed in the environment as:


     where n is a number starting at 0 and  is  incremented  each
     time  a  new variable name is required. Variables containing
     an = (equal sign) are  placed  in  the  environment  without
     modification.  If  they  already  appear in the environment,
     then they replace the older values.

     There are two exceptions: The variables PATH and SHELL  can-
     not  be changed. This prevents people logged into restricted
     shell environments from spawning secondary shells  that  are
     not  restricted.  login  understands simple single-character
     quoting conventions.  Typing a \ (backslash) in front  of  a
     character quotes it and allows the inclusion of such charac-
     ters as spaces and tabs.

     Alternatively, you can pass the current environment by  sup-
     plying  the  -p  flag to login. This flag indicates that all
     currently defined environment variables should be passed, if
     possible,  to  the  new  environment.  This  option does not
     bypass  any  environment  variable  restrictions   mentioned
     above.  Environment  variables  specified  on the login line
     take precedence, if a variable is passed by both methods.

     To enable remote logins by root, edit the /etc/default/login
     file   by   inserting   a   #   (pound   sign)   before  the
     CONSOLE=/dev/console entry. See FILES.


     The login command uses pam(3PAM) for authentication, account
     management, session management, and password management. The
     PAM  configuration  policy,  listed  through  /etc/pam.conf,
     specifies  the  modules to be used for login. Here is a par-
     tial pam.conf file with entries for the login command  using
     the  UNIX  authentication,  account  management, and session
     management modules:

     login  auth       required  pam_authtok_get.so.1
     login  auth       required  pam_dhkeys.so.1
     login  auth       required  pam_unix_auth.so.1
     login  auth       required  pam_dial_auth.so.1

     login  account    requisite pam_roles.so.1
     login  account    required  pam_projects.so.1
     login  account    required  pam_unix_account.so.1

     login  session    required  pam_unix_session.so.1

     The Password Management stack looks like the following:

     other  password   required  pam_dhkeys.so.1
     other  password   requisite  pam_authtok_get.so.1
     other  password   requisite  pam_authtok_check.so.1
     other  password   required  pam_authtok_store.so.1

     If there are no entries for the service,  then  the  entries
     for  the "other" service will be used. If multiple authenti-
     cation modules are listed, then the user may be prompted for
     multiple passwords.

     When login is invoked through rlogind or telnetd,  the  ser-
     vice name used by PAM is rlogin or telnet, respectively.


     The following options are supported:

     -d device
           login accepts a device option, device. device is taken
           to  be  the  path  name  of  the  TTY port login is to
           operate on. The  use  of  the  device  option  can  be
           expected  to  improve  login  performance, since login
           will not need to call ttyname(3C). The  -d  option  is
           available  only  to  users whose UID and effective UID
           are root. Any other attempt to use -d will cause login
           to quietly exit.

     -h hostname [ terminal ]
           Used by in.telnetd(1M) to pass information  about  the
           remote host and terminal type.

     -p    Used to pass environment variables to the login shell.

     -r hostname
           Used by in.rlogind(1M) to pass information  about  the
           remote host.


     The following exit values are returned:

     0     Successful operation.



           initial commands for each csh

           suppresses login messages

           user's login commands for csh

           user's login commands for sh and ksh

           private list of trusted hostname/username combinations

           system-wide csh login commands

           issue or project identification

           login-based device permissions


           message displayed to users attempting to login  during
           machine shutdown

           password file

           system-wide sh and ksh login commands

           list of users' encrypted passwords

           user's default command interpreter

           time of last login

           record of failed login attempts



           mailbox for user your-name

           Default value can be set for the  following  flags  in
           /etc/default/login. For example: TIMEZONE=EST5EDT

                 Sets the TZ environment variable  of  the  shell
                 (see environ(5)).

           HZ    Sets the HZ environment variable of the shell.

                 Sets the file size limit for  the  login.  Units
                 are disk blocks.  Default is zero (no limit).

                 If set, root can login on that device only. This
                 will  not  prevent  execution of remote commands
                 with rsh(1). Comment  out  this  line  to  allow
                 login by root.

                 Determines if login requires  a  non-null  pass-

                 Determines  if  login  should  set   the   SHELL
                 environment variable.

           PATH  Sets the initial shell PATH variable.

                 Sets the initial shell PATH variable for root.

                 Sets the number of seconds (between 0  and  900)
                 to wait before abandoning a login session.

           UMASK Sets the initial shell file creation mode  mask.
                 See umask(1).

                 Determines  whether  the   syslog(3C)   LOG_AUTH
                 facility  should  be used to log all root logins
                 at level LOG_NOTICE and  multiple  failed  login
                 attempts atLOG_CRIT.

                 If present, and greater than zero, the number of
                 seconds  that  login  will  wait  after  RETRIES
                 failed attempts or  the  PAM  framework  returns
                 PAM_ABORT.  Default  is 20 seconds. Minimum is 0
                 seconds. No maximum is imposed.

                 If present, sets the number of seconds  to  wait
                 before  the  login failure message is printed to
                 the screen. This is for any login failure  other
                 than   PAM_ABORT.   Another   login  attempt  is
                 allowed, providing RETRIES has not been  reached
                 or  the  PAM framework is returned PAM_MAXTRIES.
                 Default is 4 seconds. Minimum is 0 seconds. Max-
                 imum is 5 seconds.

                 Sets the number of retries for logging  in  (see
                 pam(3PAM)). The default is 5.

                 Used to determine how many failed login attempts
                 will  be  allowed  by the system before a failed
                 login message is logged,  using  the  syslog(3C)
                 LOG_NOTICE  facility.  For example, if the vari-
                 able is set to 0,  login  will  log  all  failed
                 login attempts.


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |


     csh(1),  exit(1),  ksh(1),  mail(1),  mailx(1),   newgrp(1),
     passwd(1), rlogin(1), rsh(1), sh(1), shell_builtins(1), tel-
     net(1),    umask(1),     in.rlogind(1M),     in.telnetd(1M),
     logins(1M),  quota(1M),  su(1M),  syslogd(1M),  useradd(1M),
     userdel(1M),    pam(3PAM),    rcmd(3SOCKET),     syslog(3C),
     ttyname(3C),   auth_attr(4),  exec_attr(4),  hosts.equiv(4),
     issue(4),    logindevperm(4),    loginlog(4),    nologin(4),
     nsswitch.conf(4),  pam.conf(4),  passwd(4), profile(4), sha-
     dow(4),  user_attr(4),  utmpx(4),  wtmpx(4),  attributes(5),
     environ(5),      pam_unix_account(5),      pam_unix_auth(5),
     pam_unix_session(5),                   pam_authtok_check(5),
     pam_authtok_get(5),   pam_authtok_store(5),   pam_dhkeys(5),
     pam_passwd_auth(5), termio(7I)


     Login incorrect
           The user name or the password cannot be matched.

     Not on system console
           Root  login  denied.  Check  the  CONSOLE  setting  in

     No directory! Logging in with home=/
           The user's home directory named in the passwd(4) data-
           base  cannot  be  found  or has the wrong permissions.
           Contact your system administrator.

     No shell
           Cannot execute the shell named in the passwd(4)  data-
           base. Contact your system administrator.

     NO LOGINS: System going down in N minutes
           The machine is in the process of being shut  down  and
           logins have been disabled.


     Users with a UID greater than 76695844 are  not  subject  to
     password  aging,  and  the system does not record their last
     login time.

     If you use the CONSOLE setting to disable root  logins,  you
     should arrange that remote command execution by root is also
     disabled. See rsh(1), rcmd(3SOCKET), and hosts.equiv(4)  for
     further details.


     The pam_unix(5) module might not be supported  in  a  future
     release.    Similar    functionality    is    provided    by
     pam_unix_account(5), pam_unix_auth(5),  pam_unix_session(5),
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5), pam_dhkeys(5), and pam_passwd_auth(5).

Man(1) output converted with man2html