 login(1)                                                           login(1)

 NAME
      login - sign on; start terminal session

 SYNOPSIS
      login [name [env-var] ...]

 DESCRIPTION
      The login command is used at the beginning of each terminal session to
      properly identify a prospective user.  login can be invoked as a user
      command or by the system as an incoming connection is established.
      login can also be invoked by the system when a previous user shell
      terminates but the terminal does not disconnect.

      If login is invoked as a command, it must replace the initial command
      interpreter (the user's login shell).  This is accomplished with the
      shell command

           exec login

      The user's login name is requested, if it is not specified on the
      command line, and the corresponding password is obtained, if required,
      with the following prompts:


      Terminal echo is turned off (where possible) during password entry to
      prevent written records of the password.  If the account does not have
      a password, and the authentication profile for the account requires
      one, login invokes pam_chauthtok() to establish one for the account.
      On a trusted system, login displays the last successful and
      unsuccessful login times and terminal devices.

      As a security precaution, some installations use an option that
      requires a second "dialup" password.  This occurs only for dialup
      connections, and is requested with the prompt:

           dialup password:

      Both passwords must be correct for a successful login (see dialups(4)
      for details on dialup security).

      If password aging is activated, the user's password may have expired.
      pam_chauthtok() is invoked to change the password.  In an untrusted
      environment, the user is required to re-login after a successful
      password change (see passwd(1)).

      After three unsuccessful login attempts, a HANGUP signal is issued.
      If a login is not successfully completed within a certain period of
      time (for example, one minute), the terminal is silently disconnected.

 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003

 login(1)                                                           login(1)

      After a successful login, the accounting files are updated, user and
      group IDs, group access list, and working directory are initialized,
      and the user's command interpreter (shell) is determined from
      corresponding user entries in the files /etc/passwd and
      /etc/logingroup (see passwd(4) and group(4)).  If /etc/passwd does not
      specify a shell for the user name, /usr/bin/sh is used by default.
      login then forks the appropriate shell by using the last component of
      the shell path name preceded by a - (for example, -sh or -ksh).  When
      the command interpreter is invoked with its name preceded by a minus
      in this manner, the shell performs its own initialization, including
      execution of profile, login, or other initialization scripts.

      For example, if the user login shell is the Korn or POSIX shell (see
      ksh(1) or sh-posix(1), respectively), the shell executes the profile
      files /etc/profile and $HOME/.profile if they exist (and possibly
      others as well).  Depending on what these profile files contain,
      messages regarding mail in the user's mail file or any messages the
      user may have received since the user's last login may be displayed.

      If the command name field is *, a chroot() to the directory named in
      the directory field of the entry is performed.  At that point, login
      is re-executed at the new level, which must have its own root
      structure, including a /usr/bin/login command and an /etc/passwd file.

      For the normal user, the basic environment variables (see environ(5))
      are initialized to:


      login_directory, login_name, and login_shell are taken from the
      corresponding fields of the passwd file entry (see passwd(4)).

      For superuser, PATH is set to:


      In the case of a remote login, the environment variable TERM is also
      set to the remote user's terminal type.

      The environment can be expanded or modified by supplying additional
      arguments to login, either at execution time or when login requests
      the user's login name.  The arguments can take either the form value
      or varname=value, where varname is a new or existing environment
      variable name and value is a value to be assigned to the variable.

      An argument in the first form (without an equals sign) is placed in
      the environment as if it were entered in the form


      where n is a number starting at 0 that is incremented each time a new
      variable name is required.

      An argument in the second form (with an equals sign) is placed into
      the environment without modification.

      If the variable name (Ln or varname) already appears in the
      environment, the new value replaces the older one.

      There are two exceptions.  The variables PATH and SHELL cannot be
      changed.  This prevents users logged in with restricted shell
      environments from spawning secondary shells that are not restricted.
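
      The argument rules above, modelled as an added example (this is not
      HP-UX source code).  The function name, the awk implementation and the
      sample values are assumptions; backslash quoting is not modelled.

```shell
#!/bin/sh
# Model of the documented argument rules (added example, not HP-UX source).
# apply_login_args ENV ARG...   ENV holds one NAME=value per line.
apply_login_args() {
    start_env=$1; shift
    printf '%s\n' "$start_env" | awk '
        BEGIN {
            # Save the login arguments, then hide them from awk so it reads
            # stdin and never treats name=value operands as its own variables.
            nargs = ARGC - 1
            for (i = 1; i <= nargs; i++) { arg[i] = ARGV[i]; ARGV[i] = "" }
            ARGC = 1
        }
        /=/ {   # load the starting environment, keeping its order
            name = substr($0, 1, index($0, "=") - 1)
            if (!(name in env)) order[++cnt] = name
            env[name] = substr($0, index($0, "=") + 1)
        }
        END {
            n = 0
            for (i = 1; i <= nargs; i++) {
                eq = index(arg[i], "=")
                if (eq > 1) {               # second form: varname=value
                    name = substr(arg[i], 1, eq - 1)
                    value = substr(arg[i], eq + 1)
                } else {                    # first form: bare value -> Ln
                    name = "L" n
                    n++
                    value = arg[i]
                }
                # The two exceptions: PATH and SHELL keep their login values.
                if (name == "PATH" || name == "SHELL") continue
                if (!(name in env)) order[++cnt] = name
                env[name] = value           # an existing name is replaced
            }
            for (i = 1; i <= cnt; i++) print order[i] "=" env[order[i]]
        }
    ' "$@"
}

# Driver: sh model.sh vt220 TERM=hp PATH=/tmp   (constructed starting values)
if [ "$#" -gt 0 ]; then
    apply_login_args 'HOME=/home/op
PATH=/usr/bin
SHELL=/usr/bin/rksh' "$@"
fi
```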

      Both login and getty understand simple single-character quoting
      conventions.  Typing a backslash in front of a character quotes it and
      allows the inclusion of such things as spaces and tabs.

      If /var/adm/btmp is present, all unsuccessful login attempts are
      logged to that file.  This feature is disabled if the file is not
      present.  The lastb command (see last(1)) displays a summary of bad
      login attempts for users with read access to btmp.

      If the /etc/securetty file is present, login security is in effect,
      i.e., root is allowed to log in successfully only on the ttys listed
      in this file.  Restricted ttys are listed by device name, one per
      line.  Valid tty names are dependent on the installation.  An example


      Note that this feature does not inhibit a normal user from using the
      su command (see su(1)).
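
      The /var/adm/btmp and /etc/securetty rules above, as audit helpers (an
      added example, not part of HP-UX).  The function names and result
      strings are assumptions; the logic follows only the rules stated above.

```shell
#!/bin/sh
# Audit helpers for the two files above (added example; paths are arguments
# so the checks can be run against copies as well as the live files).

# root_login_scope FILE: "unrestricted" if FILE is absent, "none" if it is
# present but lists no tty, "listed" otherwise.
root_login_scope() {
    [ -f "$1" ] || { echo unrestricted; return 0; }
    if grep -q '[^[:space:]]' "$1"; then echo listed; else echo none; fi
}

# root_tty_allowed FILE TTY: exit 0 if root may log in on TTY, that is,
# FILE is absent or TTY appears on a line of its own.
root_tty_allowed() {
    [ -f "$1" ] || return 0
    grep -Fxq -- "$2" "$1"
}

# btmp_status FILE: "disabled" if FILE is absent (failed logins are not
# recorded), "enabled" if only the owner can read it, "enabled-exposed" if
# group or other can read it and so can run lastb.
btmp_status() {
    [ -e "$1" ] || { echo disabled; return 0; }
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ????r?????|???????r??) echo enabled-exposed ;;
        *) echo enabled ;;
    esac
}

# Driver: sh audit.sh console
if [ "$#" -gt 0 ]; then
    echo "securetty: $(root_login_scope /etc/securetty)"
    if root_tty_allowed /etc/securetty "$1"; then
        echo "root login permitted on $1"
    else
        echo "root login refused on $1"
    fi
    echo "btmp: $(btmp_status /var/adm/btmp)"
fi
```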

    HP-UX Smart Card Login
      If the user account is configured to use a Smart Card, the user
      password is stored in the card.  This password has characteristics
      identical to a normal password stored on the system.

      In order to log in using a Smart Card account, the card must be
      inserted into the Smart Card reader.  The user is prompted for a PIN
      (personal identification number) instead of a password during
      authentication.  The prompts are:

           Enter PIN:

      The password is retrieved automatically from the Smart Card when a
      valid PIN is entered.  Therefore, it is not necessary to know the
      password, only the PIN.

      The card is locked if an incorrect PIN is entered three consecutive
      times.  It may be unlocked only by the card issuer.

 SECURITY FEATURES
      On a standard system, login prohibits a user from logging in if any of
      the following is true:

        +  The password for the account has expired and the user cannot
           successfully change the password.

        +  The password for the account has expired and the password was not
           changed within the specified number of days after the expiration
           (see shadow(4)).

        +  The account lifetime has passed (see shadow(4)).

      On a trusted system, login prohibits a user from logging in if any of
      the following is true:

        +  The password for the account has expired and the user cannot
           successfully change the password.

        +  The password lifetime for the account has passed.

        +  The time between the last login and the current time exceeds the
           time allowed for login intervals.

        +  The administrative lock on the account has been set.

        +  The maximum number of unsuccessful login attempts for the account
           has been exceeded.

        +  The maximum number of unsuccessful login attempts for the
           terminal has been exceeded.

        +  The administrative lock on the terminal has been set.

        +  The terminal has an authorized user list and the user is not on

        +  The terminal has time of day restrictions and the current time is
           not within the allowable period.

      On a trusted system, login allows superuser to log in on the console
      unless /etc/securetty exists and does not contain console.

      Refer to the /etc/default/security file in the security(4) manpage for
      detailed information on configurable parameters that affect the
      behavior of this command.  Currently supported parameters are:

           ABORT_LOGIN_ON_MISSING_HOMEDIR

           NOLOGIN

           NUMBER_OF_LOGINS_ALLOWED

    Environment Variables
      HOME      User's home directory.
      MAIL      Where to look for mail.
      PATH      Path to be searched for commands.
      SHELL     Which command interpreter is being used.
      TERM      User's terminal type.
      varname   User-specified named variables.
      Ln        User-specified unnamed variables.

 DIAGNOSTICS
      The following diagnostics appear if the associated condition occurs:

      .rhosts is a soft link

           The personal equivalence file is a symbolic link.

      Bad .rhosts ownership

           The personal equivalence file is not owned by the local user or
           by a user with appropriate privileges.

      Bad group id

           setgid() failed (see setuid(2)).

      Bad user id

           setuid() failed (see setuid(2)).

      Cannot open password file

           Consult the system administrator.

      Locuser too long

           The indicated string was too long for login's internal buffer.

      Login incorrect

           User name and password cannot be matched.

      No /usr/bin/login or /etc/login on root

           Attempted to log in to a subdirectory root that does not have a
           subroot login command.  That is, the passwd file entry had shell
           path *, but the system cannot find a login command under the
           given home directory.

      No directory

           Consult system administrator.

      No Root Directory

           Attempted to log in to a subdirectory root that does not exist.
           That is, the passwd file entry had shell path *, but the system
           cannot chroot() to the given home directory.

      No shell

           The user shell (/usr/bin/sh if shell name is null in /etc/passwd)
           could not be started with the exec command.  Consult system

      No utmp entry. You must exec "login" from the lowest level "sh"

           Attempted to execute login as a command without using the shell's
           exec internal command or from other than the initial shell.  The
           current shell is terminated.

      Remuser too long

           The indicated string was too long for login's internal buffer.

      Terminal type too long

           The indicated string was too long for login's internal buffer.

      Unable to change to directory name

           Cannot chdir to the user's home directory.

      Your password has expired.  Choose a new one

           Password aging is enabled and the user's password has expired.

 WARNINGS
      If /etc/group is linked to /etc/logingroup, and group membership for
      the user trying to log in is managed by the Network Information
      Service (NIS), and no NIS server is able to respond, login waits until
      a server does respond.

 DEPENDENCIES
    Pluggable Authentication Modules (PAM)
      PAM is an Open Group standard for user authentication, password
      modification, and validation of accounts.  In particular,
      pam_authenticate() is invoked to perform all functions related to
      login.  This includes retrieving the password, validating the account,
      and displaying error messages.  pam_chauthtok() is invoked during
      password expiration or establishment.

    HP Process Resource Manager
      If the optional HP Process Resource Manager (PRM) software is
      installed and configured, the login shell is launched in the user's
      initial process resource group.  If the user's initial group is not
      defined, the shell runs in the user default group (PRMID=1).  See
      prmconfig(1) for a description of how to configure HP PRM, and
      prmconf(4) for a description of how the user's initial process
      resource group is determined.

 AUTHOR
      login was developed by AT&T and HP.

 FILES
      $HOME/.profile      Personal profile (individual user initialization)
      $HOME/.rhosts       Personal equivalence file for the remote login
      /etc/d_passwd       Dialup security encrypted passwords.
      /etc/dialups        Lines which require dialup security.
      /etc/hosts.equiv    System list of equivalent hosts allowing logins
                          without passwords.
      /etc/logingroup     Group file - defines group access lists.
      /etc/motd           Message-of-the-day.
      /etc/passwd         Password file - defines users, passwords, and
                          primary groups.
      /etc/profile        System profile (initialization for all users).
      /etc/securetty      List of valid ttys for root login.
      /etc/shadow         Shadow Password file.
      /etc/utmp           Users currently logged-in.
      /tcb/files/auth/*/* The trusted system password database.
      /var/adm/btmp       History of bad login attempts.
      /var/adm/wtmp       History of logins, logouts, and date changes.
      /var/mail/login_name     Mailbox for user login_name.
      /etc/default/security    Security defaults configuration file.

 SEE ALSO
      csh(1), groups(1), ksh(1), last(1), mail(1), newgrp(1), passwd(1),
      sh(1), sh-posix(1), su(1), getty(1M), initgroups(3C), dialups(4),
      group(4), passwd(4), profile(4), security(4), shadow(4), utmp(4),

    HP Process Resource Manager
      prmconfig(1), prmconf(4) in HP Process Resource Manager Users Guide.

    Pluggable Authentication Modules (PAM)
      pam_acct_mgmt(3), pam_authenticate(3), pam_chauthtok(3).

    HP-UX Smart Card Login
      scpin(1), scsync(1).
