login(1)login(1)NAMElogin - Signs the user on to the system
SYNOPSISlogin [-p] [-h host] [[-f] user]
The login command is used when a user initially signs on to the system
and also by daemons, such as ftp, to create a user's environment.
This security-sensitive command uses the Security Integration Architec‐
ture (SIA) routine as an interface to the security mechanism(s) that
perform the actual user validation. See the matrix.conf(4) reference
page for more information.
OPTIONS
With the exception of -p, these options are available only to the supe‐
ruser. Used by telnetd and other servers to list the host from which
the connection was received. Used with a user name user on the command
line to indicate that proper authentication was already done, and that
no password needs to be requested. Causes the remainder of the envi‐
ronment to be preserved; otherwise, any previous environment is dis‐
carded.
DESCRIPTION
The invocation of login for initial signon is made by a system program
or server using the privileged -h and -f forms of the login command.
If login is invoked without an argument, it asks for a user name, and,
if appropriate, a password. Echoing is turned off (if possible) during
the entering of the password, so it will not appear on the written
record of the session.
After a successful login, accounting files are updated. You are
informed of the existence of mail, and the message of the day and the
time of last login are displayed. The mail message, the message of the
day, and the last login time are suppressed if there is a file in the
home directory; this is mostly used to make life easier for users such
as uucp.
Security Note
If you have enhanced security installed on your system, the login com‐
mand prints the last successful and unsuccessful login times and termi‐
nal devices. If the account does not have a password and the authenti‐
cation profile for the account requires one, login starts the passwd
command to establish one for the account.
The login command prohibits you from logging in if any of the following
are true: The password for the account has expired and you cannot suc‐
cessfully change the password. The password lifetime for the account
has passed. The administrative lock on the account was set. The maxi‐
mum number of unsuccessful login attempts for the account was exceeded.
The maximum number of unsuccessful login attempts for the terminal was
exceeded. The administrative lock on the terminal was set. The termi‐
nal has an authorized user list and you are not on it. The terminal
has time of day restrictions and the current time is not within them.
The account was retired by the system administrator.
The login command initializes the user and group IDs and the working
directory, and then executes a command interpreter according to speci‐
fications found in the password file. Argument 0 (zero) of the command
interpreter is the name of the command interpreter with a leading -
(dash).
The login command also modifies the environment with information speci‐
fying home directory, command interpreter, terminal type (if avail‐
able), and user name.
Security Note
If you have enhanced security installed on your system, the login com‐
mand always allows root to log in at the console to avoid the situation
where all accounts and terminals are locked.
If either /etc/nologin_hostname or /etc/nologin exists, login prints
the contents on your terminal and exits. The shutdown command creates
/etc/nologin_hostname (or /etc/nologin in the case of a clusterwide
shutdown) to stop users from logging in when the system or cluster is
about to go down.
Login is recognized by sh, csh, and ksh and executed directly (without
forking).
ERRORS
The user name or the password is invalid. Consult your system adminis‐
trator.
Security Note
If you have enhanced security installed on your system, you may
see the following diagnostic messages: The login command cannot
invoke the passwd program. The passwd program is invoked, the
user is unable to change the password, and the account requires
one. is allowed
The login command is allowing a root login at the system con‐
sole, despite a condition that would normally not allow such a
login. The account is locked for one of the reasons previously
listed. The terminal is locked for one of the reasons previ‐
ously listed. You are not on the authorized user list for the
terminal. The current time is not within the current time-of-
day restrictions for the terminal.
After an unsuccessful login attempt, login waits a specified
(configurable) amount of time before it prompts for another
login attempt.
If the account's password was changed by another user, login
prints the time the password was changed and the user who
changed it.
If your password is about to expire, login warns you of the time
of the impending expiration. Your system administrator sets the
warning period.
FILES
Contains user and accounting information. Contains login history.
Contains last login time stamps. Mail directory. Message of the day.
Contains user information. Stops logins. In a cluster, /etc/nologin is
used instead. Suppresses mail notification, message of the day, and
last login time.
SEE ALSO
Commands: binmail(1), chfn(1), chsh(1), getty(8), init(8), Mail(1),
mail(1), mailx(1), passwd(1), rlogin(1), shutdown(8)
Function: getpass(3)
Files: matrix.conf(4), passwd(4), utmp(4)
Security
login(1)