NAME
login —
authenticate users and set up
their session environment
SYNOPSIS
login |
[-Ffps]
[-a
address]
[-h
hostname]
[user] |
DESCRIPTION
The
login utility logs users (and pseudo-users) into the
computer system.
If no user is specified, or if a user is specified and authentication of the
user fails,
login prompts for a user name. Authentication of
users is done via passwords. If the user can be authenticated via S/Key, then
the S/Key challenge is incorporated in the password prompt. The user then has
the option of entering their Kerberos or normal password or the S/Key
response. Neither will be echoed.
The options are as follows:
-
-
- -a
- The -a option specifies the address of
the host from which the connection was received. It is used by various
daemons such as telnetd(8).
This option may only be used by the super-user.
-
-
- -F
- The -F option acts like the
-f option, but also indicates to login
that it should attempt to rewrite an existing Kerberos 5 credentials cache
(specified by the KRB5CCNAME environment variable) after dropping
permissions to the user logging in. This flag is not supported under
pam(8).
-
-
- -f
- The -f option is used when a user name is
specified to indicate that proper authentication has already been done and
that no password need be requested. This option may only be used by the
super-user or when an already logged in user is logging in as
themselves.
-
-
- -h
- The -h option specifies the host from
which the connection was received. It is used by various daemons such as
telnetd(8). This option may
only be used by the super-user.
-
-
- -p
- By default, login discards any previous
environment. The -p option disables this behavior.
-
-
- -s
- Require a secure authentication mechanism like Kerberos or
S/Key to be used. This flag is not supported under
pam(8).
If a user other than the superuser attempts to login while the file
/etc/nologin exists,
login displays its
contents to the user and exits. This is used by
shutdown(8) to prevent normal
users from logging in when the system is about to go down.
Immediately after logging a user in,
login displays the system
copyright notice, the date and time the user last logged in, the message of
the day as well as other information. If the file
“
.hushlogin” exists in the user's home
directory, all of these messages are suppressed. This is to simplify logins
for non-human users.
login then records an entry in the
wtmp(5) and
utmp(5) files, executes
site-specific login commands via the
ttyaction(3) facility with an
action of "login", and executes the user's command interpreter.
login enters information into the environment (see
environ(7)) specifying the
user's home directory (HOME), command interpreter (SHELL), search path (PATH),
terminal type (TERM) and user name (both LOGNAME and USER).
The user's login experience can be customized using login class capabilities as
configured in
/etc/login.conf and documented in
login.conf(5).
The standard shells,
csh(1) and
sh(1), do not fork before executing
the
login utility.
FILES
- /etc/login.conf
- login class capability database
- /etc/motd
- message-of-the-day
- /etc/nologin
- disallows non-superuser logins
- /var/run/utmp
- list of current logins
- /var/log/lastlog
- last login account records
- /var/log/wtmp
- login account records
- /var/mail/user
- system mailboxes
- .hushlogin
- makes login quieter
SEE ALSO
chpass(1),
newgrp(1),
passwd(1),
rlogin(1),
skey(1),
getpass(3),
ttyaction(3),
login.conf(5),
passwd.conf(5),
utmp(5),
environ(7),
kerberos(8),
pam(8)
HISTORY
A
login appeared in
Version 6 AT&T
UNIX.
TRADEMARKS AND PATENTS
S/Key is a trademark of Bellcore.