.\" $NetBSD: login.1,v 1.27 2005/11/08 18:54:15 wiz Exp $ .\" .\" Copyright (c) 1980, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)login.1 8.2 (Berkeley) 5/5/94 .\" .Dd November 1, 2005 .Dt LOGIN 1 .Os .Sh NAME .Nm login .Nd authenticate users and set up their session environment .Sh SYNOPSIS .Nm .Op Fl Ffps .Op Fl a Ar address .Op Fl h Ar hostname .Op Ar user .Sh DESCRIPTION The .Nm utility logs users (and pseudo-users) into the computer system. .Pp If no user is specified, or if a user is specified and authentication of the user fails, .Nm prompts for a user name. Authentication of users is done via passwords. If the user can be authenticated via .Tn S/Key , then the .Tn S/Key challenge is incorporated in the password prompt. The user then has the option of entering their Kerberos or normal password or the .Tn S/Key response. Neither will be echoed. .Pp The options are as follows: .Bl -tag -width Ds .It Fl a The .Fl a option specifies the address of the host from which the connection was received. It is used by various daemons such as .Xr telnetd 8 . This option may only be used by the super-user. .It Fl F The .Fl F option acts like the .Fl f option, but also indicates to .Xr login 1 that it should attempt to rewrite an existing kerberos5 credentials cache (specified by the KRB5CCNAME environment variable) after dropping permissions to the user logging in. This flag is not supported under .Xr pam 8 . .It Fl f The .Fl f option is used when a user name is specified to indicate that proper authentication has already been done and that no password need be requested. This option may only be used by the super-user or when an already logged in user is logging in as themselves. .It Fl h The .Fl h option specifies the host from which the connection was received. It is used by various daemons such as .Xr telnetd 8 . This option may only be used by the super-user. .It Fl p By default, .Nm discards any previous environment. The .Fl p option disables this behavior. .It Fl s Require a secure authentication mechanism like .Tn Kerberos or .Tn S/Key to be used. This flag is not supported under .Xr pam 8 . .El .Pp If a user other than the superuser attempts to login while the file .Pa /etc/nologin exists, .Nm displays its contents to the user and exits. This is used by .Xr shutdown 8 to prevent normal users from logging in when the system is about to go down. .Pp Immediately after logging a user in, .Nm displays the system copyright notice, the date and time the user last logged in, the message of the day as well as other information. If the file .Dq Pa .hushlogin exists in the user's home directory, all of these messages are suppressed. This is to simplify logins for non-human users, such as .Xr uucp 1 . .Nm then records an entry in the .Xr wtmp 5 and .Xr utmp 5 files, executes site-specific login commands via the .Xr ttyaction 3 facility with an action of "login", and executes the user's command interpreter. .Pp .Nm enters information into the environment (see .Xr environ 7 ) specifying the user's home directory (HOME), command interpreter (SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and USER). .Pp The standard shells, .Xr csh 1 and .Xr sh 1 , do not fork before executing the .Nm utility. .Sh FILES .Bl -tag -width /var/mail/userXXX -compact .It Pa /etc/motd message-of-the-day .It Pa /etc/nologin disallows non-superuser logins .It Pa /var/run/utmp list of current logins .It Pa /var/log/lastlog last login account records .It Pa /var/log/wtmp login account records .It Pa /var/mail/user system mailboxes .It Pa \&.hushlogin makes login quieter .El .Sh SEE ALSO .Xr chpass 1 , .Xr passwd 1 , .Xr rlogin 1 , .Xr skey 1 , .Xr getpass 3 , .Xr ttyaction 3 , .Xr login.conf 5 , .Xr passwd.conf 5 , .Xr utmp 5 , .Xr environ 7 , .Xr kerberos 8 , .Xr pam 8 .Sh HISTORY A .Nm appeared in .At v6 . .Sh TRADEMARKS AND PATENTS .Tn S/Key is a trademark of .Tn Bellcore .