NetBSD/usr.bin/login/login.1

189 lines
5.3 KiB
Groff

.\" $NetBSD: login.1,v 1.20 2001/04/04 09:37:51 wiz Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)login.1 8.2 (Berkeley) 5/5/94
.\"
.Dd January 13, 1999
.Dt LOGIN 1
.Os
.Sh NAME
.Nm login
.Nd authenticate users and set up their session environment
.Sh SYNOPSIS
.Nm
.Op Fl Ffps
.Op Fl h Ar hostname
.Op Ar user
.Sh DESCRIPTION
The
.Nm
utility logs users (and pseudo-users) into the computer system.
.Pp
If no user is specified, or if a user is specified and authentication
of the user fails,
.Nm
prompts for a user name.
Authentication of users is done via passwords.
If the user can be authenticated via
.Tn S/Key ,
then the
.Tn S/Key
challenge is incorporated in the password prompt.
The user then has the option of entering their Kerberos or normal
password or the
.Tn S/Key
response.
Neither will be echoed.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl F
The
.Fl F
option acts like the
.Fl f
option, but also indicates to \fBlogin\fR
that it should attempt to rewrite an existing kerberos5 credentials cache
(specified by the KRB5CCNAME environment variable) after dropping
permissions to the user logging in.
.It Fl f
The
.Fl f
option is used when a user name is specified to indicate that proper
authentication has already been done and that no password need be
requested.
This option may only be used by the super-user or when an already
logged in user is logging in as themselves.
.It Fl h
The
.Fl h
option specifies the host from which the connection was received.
It is used by various daemons such as
.Xr telnetd 8 .
This option may only be used by the super-user.
.It Fl p
By default,
.Nm
discards any previous environment.
The
.Fl p
option disables this behavior.
.It Fl s
Require a secure authentication mechanism like
.Tn Kerberos
or
.Tn S/Key
to be used.
.El
.Pp
If a user other than the superuser attempts to login while the file
.Pa /etc/nologin
exists,
.Nm
displays its contents to the user and exits.
This is used by
.Xr shutdown 8
to prevent normal users from logging in when the system is about to go down.
.Pp
Immediately after logging a user in,
.Nm
displays the system copyright notice, the date and time the user last
logged in, the message of the day as well as other information.
If the file
.Dq Pa .hushlogin
exists in the user's home directory, all of these messages are suppressed.
This is to simplify logins for non-human users, such as
.Xr uucp 1 .
.Nm
then records an entry in the
.Xr wtmp 5
and
.Xr utmp 5
files, executes site-specific login commands via the
.Xr ttyaction 3
facilty with an action of "login", and executes the user's command
interpreter.
.Pp
.Nm
enters information into the environment (see
.Xr environ 7 )
specifying the user's home directory (HOME), command interpreter (SHELL),
search path (PATH), terminal type (TERM) and user name (both LOGNAME and
USER).
.Pp
The standard shells,
.Xr csh 1
and
.Xr sh 1 ,
do not fork before executing the
.Nm
utility.
.Sh FILES
.Bl -tag -width /var/mail/userXXX -compact
.It Pa /etc/motd
message-of-the-day
.It Pa /etc/nologin
disallows non-superuser logins
.It Pa /var/run/utmp
list of current logins
.It Pa /var/log/lastlog
last login account records
.It Pa /var/log/wtmp
login account records
.It Pa /var/mail/user
system mailboxes
.It Pa \&.hushlogin
makes login quieter
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr passwd 1 ,
.Xr rlogin 1 ,
.Xr skey 1 ,
.Xr getpass 3 ,
.Xr ttyaction 3 ,
.Xr login.conf 5 ,
.Xr passwd.conf 5 ,
.Xr utmp 5 ,
.Xr environ 7 ,
.Xr kerberos 8
.Sh HISTORY
A
.Nm
appeared in
.At v6 .
.Sh TRADEMARKS AND PATENTS
.Tn S/Key
is a trademark of
.Tn Bellcore .