User Commands                                            login(1)


     login - sign on to the system


     login [-p] [-d device] [-R repository] [-s service]
          [-t terminal] [-u identity] [-U ruser]
          [-h hostname [terminal] | -r hostname]
          [name [environ]...]


     The login command is used at the beginning of each  terminal
     session to identify oneself to the system.  login is invoked
     by the system when a connection is first established,  after
     the  previous user has terminated the login shell by issuing
     the exit command.

     If login is invoked as a command, it must replace  the  ini-
     tial  command  interpreter. To invoke login in this fashion,

       exec login

     from the initial shell. The C  shell  and  Korn  shell  have
     their  own  built-ins  of  login.  See ksh(1), ksh93(1), and
     csh(1) for descriptions of login built-ins and usage.

     login asks for your user name, if it is not supplied  as  an
     argument, and your password, if appropriate. Where possible,
     echoing is turned off while you type your  password,  so  it
     does not appear on the written record of the session.

     If you make any mistake in the login procedure, the message:

       Login incorrect

     is printed and a new login prompt appears. If you make  five
     incorrect   login  attempts,  all  five  can  be  logged  in
     /var/adm/loginlog, if it exists. The TTY line is dropped.

     If password aging is turned on and  the  password  has  aged
     (see  passwd(1) for more information), the user is forced to

SunOS 5.11           Last change: 7 Jan 2008                    1

User Commands                                            login(1)

     changed the password. In this  case  the  /etc/nsswitch.conf
     file  is  consulted  to determine password repositories (see
     nsswitch.conf(4)).  The password update configurations  sup-
     ported are limited to the following five cases.

         o    passwd: files

         o    passwd: files nis

         o    passwd: files nisplus

         o    passwd: compat (==> files nis)

         o    passwd: compat (==> files nisplus)

              passwd_compat: nisplus

     Failure to comply with the configurations prevents the  user
     from logging onto the system because passwd(1) fails. If you
     do not complete the  login  successfully  within  a  certain
     period  of  time, it is likely that you are silently discon-

     After a successful login, accounting files are updated. Dev-
     ice  owner,  group, and permissions are set according to the
     contents of the /etc/logindevperm file,  and  the  time  you
     last logged in is printed (see logindevperm(4)).

     The user-ID, group-ID, supplementary group list, and working
     directory are initialized, and the command interpreter (usu-
     ally ksh) is started.

     The basic environment is initialized to:


     For Bourne shell and Korn shell logins, the  shell  executes
     /etc/profile and $HOME/.profile, if it exists.

SunOS 5.11           Last change: 7 Jan 2008                    2

User Commands                                            login(1)

     For the ksh93 Korn shell, an interactive shell then executes
     /etc/ksh.kshrc,  followed  by  the file specified by the ENV
     environment variable. If $ENV is not set, this  defaults  to
     $HOME/.kshrc.   For the ksh and /usr/xpg4/bin/sh Korn Shell,
     an interactive shell executes the file  named  by  $ENV  (no

     For  C  shell  logins,  the  shell   executes   /etc/.login,
     $HOME/.cshrc,  and  $HOME/.login.   The default /etc/profile
     and /etc/.login files check quotas  (see  quota(1M)),  print
     /etc/motd,  and  check  for  mail.  None of the messages are
     printed if the file $HOME/.hushlogin exists. The name of the
     command interpreter is set to - (dash), followed by the last
     component of the interpreter's path name, for example, -sh.

     If  the  login-shell  field  in  the  password   file   (see
     passwd(4))  is  empty, then the default command interpreter,
     /usr/bin/sh, is used. If this field is  *  (asterisk),  then
     the  named  directory  becomes  the  root directory. At that
     point, login is re-executed at the  new  level,  which  must
     have its own root structure.

     The environment can be expanded  or  modified  by  supplying
     additional  arguments  to login, either at execution time or
     when login requests your login name. The arguments can  take
     either  the  form  xxx  or  xxx=yyy.  Arguments without an =
     (equal sign) are placed in the environment as:


     where n is a number starting at 0 and  is  incremented  each
     time  a  new variable name is required. Variables containing
     an = (equal sign) are  placed  in  the  environment  without
     modification.  If  they  already  appear in the environment,
     then they replace the older values.

     There are two exceptions: The variables PATH and SHELL  can-
     not  be changed. This prevents people logged into restricted
     shell environments from spawning secondary shells  that  are
     not  restricted.   login understands simple single-character
     quoting conventions. Typing a \ (backslash) in  front  of  a
     character quotes it and allows the inclusion of such charac-
     ters as spaces and tabs.

SunOS 5.11           Last change: 7 Jan 2008                    3

User Commands                                            login(1)

     Alternatively, you can pass the current environment by  sup-
     plying  the  -p flag to login.  This flag indicates that all
     currently defined environment variables should be passed, if
     possible,  to  the  new  environment.   This option does not
     bypass  any  environment  variable  restrictions   mentioned
     above.  Environment  variables  specified  on the login line
     take precedence, if a variable is passed by both methods.

     To enable remote logins by root, edit the /etc/default/login
     file   by   inserting   a   #   (pound   sign)   before  the
     CONSOLE=/dev/console entry.  See FILES.


     For  accounts  in  name  services  which  support  automatic
     account  locking,  the  account  can  be  configured  to  be
     automatically locked (see user_attr(4)  and  policy.conf(4))
     if  successive  failed  login  attempts  equals  or  exceeds
     RETRIES.   Currently,  only  the   files   repository   (see
     passwd(4) and shadow(4)) supports automatic account locking.
     See also pam_unix_auth(5).

     The login command uses pam(3PAM) for authentication, account
     management, session management, and password management. The
     PAM  configuration  policy,  listed  through  /etc/pam.conf,
     specifies  the modules to be used for login.  Here is a par-
     tial pam.conf file with entries for the login command  using
     the  UNIX  authentication,  account  management, and session
     management modules:

       login  auth       required
       login  auth       required
       login  auth       required
       login  auth       required

       login  account    requisite
       login  account    required

       login  session    required

     The Password Management stack looks like the following:

       other  password   required
       other  password   requisite
       other  password   requisite
       other  password   required

SunOS 5.11           Last change: 7 Jan 2008                    4

User Commands                                            login(1)

     If there are no entries for the service,  then  the  entries
     for  the  other  service is used. If multiple authentication
     modules are listed, then the user can be prompted for multi-
     ple passwords.

     When login is invoked through rlogind or telnetd,  the  ser-
     vice name used by PAM is rlogin or telnet, respectively.


     The following options are supported:

     -d device                 login  accepts  a  device  option,
                               device.  device is taken to be the
                               path name of the TTY port login is
                               to operate on. The use of the dev-
                               ice  option  can  be  expected  to
                               improve  login  performance, since
                               login  does  not  need   to   call
                               ttyname(3C).   The  -d  option  is
                               available only to users whose  UID
                               and  effective  UID  are root. Any
                               other attempt  to  use  -d  causes
                               login to quietly exit.

     -h hostname [terminal]    Used  by  in.telnetd(1M)  to  pass
                               information  about the remote host
                               and terminal type.

                               Terminal type as a second argument
                               to  the -h option should not start
                               with a hyphen (-).

     -p                        Used to pass environment variables
                               to the login shell.

     -r hostname               Used  by  in.rlogind(1M)  to  pass
                               information about the remote host.

     -R repository             Used to specify the PAM repository
                               that  should  be  used to tell PAM
                               about the "identity"  (see  option
                               -u below). If no "identity" infor-
                               mation is passed,  the  repository
                               is not used.

SunOS 5.11           Last change: 7 Jan 2008                    5

User Commands                                            login(1)

     -s service                Indicates  the  PAM  service  name
                               that  should  be  used.  Normally,
                               this argument is not necessary and
                               is used only for specifying alter-
                               native  PAM  service  names.   For
                               example: "ktelnet" for the Kerber-
                               ized telnet process.

     -u identity               Specifies  the  "identity"  string
                               associated  with  the  user who is
                               being authenticated. This  usually
                               is  not be the same as that user's
                               Unix login  name.  For  Kerberized
                               login  sessions,  this is the Ker-
                               beros  principal  name  associated
                               with the user.

     -U ruser                  Indicates the name of  the  person
                               attempting  to login on the remote
                               side  of  the  rlogin  connection.
                               When  in.rlogind(1M)  is operating
                               in Kerberized  mode,  that  daemon
                               processes  the terminal and remote
                               user  name  information  prior  to
                               invoking  login,  so  the  "ruser"
                               data is indicated using this  com-
                               mand   line   parameter.  Normally
                               (non-Kerberos  authenticated  rlo-
                               gin),  the  login daemon reads the
                               remote user information  from  the


     The following exit values are returned:

     0           Successful operation.

     non-zero    Error.


     $HOME/.cshrc           Initial commands for each csh.

     $HOME/.hushlogin       Suppresses login messages.

SunOS 5.11           Last change: 7 Jan 2008                    6

User Commands                                            login(1)

     $HOME/.kshrc           User's   commands   for   interactive
                            ksh93,  if  $ENV  is  unset; executes
                            after /etc/ksh.kshrc.

     $HOME/.login           User's login commands for csh.

     $HOME/.profile         User's login commands  for  sh,  ksh,
                            and ksh93.

     $HOME/.rhosts          Private     list      of      trusted
                            hostname/username combinations.

     /etc/.login            System-wide csh login commands.

     /etc/issue             Issue or project identification.

     /etc/ksh.kshrc         System-wide commands for  interactive

     /etc/logindevperm      Login-based device permissions.

     /etc/motd              Message-of-the-day.

     /etc/nologin           Message displayed to users attempting
                            to login during machine shutdown.

     /etc/passwd            Password file.

     /etc/profile           System-wide sh, ksh, and ksh93  login

     /etc/shadow            List of users' encrypted passwords.

     /usr/bin/sh            User's default command interpreter.

     /var/adm/lastlog       Time of last login.

SunOS 5.11           Last change: 7 Jan 2008                    7

User Commands                                            login(1)

     /var/adm/loginlog      Record of failed login attempts.

     /var/adm/utmpx         Accounting.

     /var/adm/wtmpx         Accounting.

     /var/mail/your-name    Mailbox for user your-name.

     /etc/default/login     Default value can be set for the fol-
                            lowing  flags  in /etc/default/login.
                            Default values are specified as  com-
                            ments in the /etc/default/login file,
                            for example, TIMEZONE=EST5EDT.

                            TIMEZONE                Sets  the  TZ
                                                    variable   of
                                                    the     shell

                            HZ                      Sets  the  HZ
                                                    variable   of
                                                    the shell.

                            ULIMIT                  Sets the file
                                                    size    limit
                                                    for       the
                                                    login.  Units
                                                    are      disk
                                                    Default    is
                                                    zero      (no

                            CONSOLE                 If set,  root
                                                    can  login on
                                                    that   device
                                                    only.    This
                                                    does      not
                                                    prevent  exe-
                                                    cution     of
                                                    remote   com-
                                                    mands    with

SunOS 5.11           Last change: 7 Jan 2008                    8

User Commands                                            login(1)

                                                    rsh(1).  Com-
                                                    ment out this
                                                    line to allow
                                                    login      by

                            PASSREQ                 Determines if
                                                    requires    a

                            ALTSHELL                Determines if
                                                    login  should
                                                    set the SHELL

                            PATH                    Sets the ini-
                                                    tial    shell
                                                    PATH    vari-

                            SUPATH                  Sets the ini-
                                                    tial    shell
                                                    PATH variable
                                                    for root.

                            TIMEOUT                 Sets      the
                                                    number     of
                                                    (between    0
                                                    and  900)  to
                                                    wait   before
                                                    abandoning  a
                                                    login    ses-

                            UMASK                   Sets the ini-
                                                    tial    shell
                                                    file creation
                                                    mode    mask.
                                                    See umask(1).

SunOS 5.11           Last change: 7 Jan 2008                    9

User Commands                                            login(1)

                            SYSLOG                  Determines
                                                    whether   the
                                                    should     be
                                                    used  to  log
                                                    all      root
                                                    logins     at
                                                    and  multiple
                                                    failed  login

                            DISABLETIME             If   present,
                                                    and   greater
                                                    than    zero,
                                                    the number of
                                                    seconds  that
                                                    login   waits
                                                    after RETRIES
                                                    attempts   or
                                                    the       PAM
                                                    Default is 20
                                                    Minimum  is 0
                                                    seconds.   No
                                                    maximum    is

                            SLEEPTIME               If   present,
                                                    sets      the
                                                    number     of
                                                    seconds    to
                                                    wait   before
                                                    the     login
                                                    failure  mes-
                                                    sage       is
                                                    printed    to
                                                    the   screen.
                                                    This  is  for
                                                    any     login
                                                    failure other

SunOS 5.11           Last change: 7 Jan 2008                   10

User Commands                                            login(1)

                                                    Another login
                                                    attempt    is
                                                    allowed, pro-
                                                    RETRIES   has
                                                    not      been
                                                    reached    or
                                                    the       PAM
                                                    framework  is
                                                    Default is  4
                                                    Minimum is  0
                                                    seconds. Max-
                                                    imum   is   5

                                                    Both   su(1M)
                                                    are  affected
                                                    by the  value
                                                    of SLEEPTIME.

                            RETRIES                 Sets      the
                                                    number     of
                                                    retries   for
                                                    logging    in
                                                    The   default
                                                    is   5.   The
                                                    number     of
                                                    retries    is
                                                    15.       For
                                                    accounts con-
                                                    figured  with
                                                    locking  (see
                                                    above),   the
                                                    account    is
                                                    locked    and
                                                    login  exits.
                                                    If  automatic
                                                    locking   has
                                                    not been con-

SunOS 5.11           Last change: 7 Jan 2008                   11

User Commands                                            login(1)

                                                    login   exits
                                                    without lock-
                                                    ing       the

                            SYSLOG_FAILED_LOGINS    Used       to
                                                    determine how
                                                    many   failed
                                                    attempts  are
                                                    allowed    by
                                                    the    system
                                                    before      a
                                                    failed  login
                                                    message    is
                                                    logged, using
                                                    facility. For
                                                    example,   if
                                                    the  variable
                                                    is  set to 0,
                                                    login    logs
                                                    all    failed


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Interface Stability         | Committed                   |


     csh(1),  exit(1),  ksh(1),  ksh93(1),   mail(1),   mailx(1),
     newgrp(1),     passwd(1),    rlogin(1),    rsh(1),    sh(1),
     shell_builtins(1),  telnet(1),   umask(1),   in.rlogind(1M),
     in.telnetd(1M),  logins(1M), quota(1M), su(1M), sulogin(1M),
     syslogd(1M),    useradd(1M),     userdel(1M),     pam(3PAM),

SunOS 5.11           Last change: 7 Jan 2008                   12

User Commands                                            login(1)

     rcmd(3SOCKET),    syslog(3C),   ttyname(3C),   auth_attr(4),
     exec_attr(4),  hosts.equiv(4),  issue(4),   logindevperm(4),
     loginlog(4),   nologin(4),   nsswitch.conf(4),  pam.conf(4),
     passwd(4),    policy.conf(4),     profile(4),     shadow(4),
     user_attr(4), utmpx(4), wtmpx(4), attributes(5), environ(5),
     pam_unix_account(5), pam_unix_auth(5),  pam_unix_session(5),
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),


     Login incorrect

         The user name or the password cannot be matched.

     Not on system console

         Root  login  denied.  Check  the  CONSOLE   setting   in

     No directory! Logging in with home=/

         The user's home directory named in the  passwd(4)  data-
         base  cannot be found or has the wrong permissions. Con-
         tact your system administrator.

     No shell

         Cannot execute the shell named in  the  passwd(4)  data-
         base. Contact your system administrator.

     NO LOGINS: System going down in N minutes

         The machine is in the process of  being  shut  down  and
         logins have been disabled.


     Users with a UID greater than 76695844 are  not  subject  to
     password  aging,  and  the system does not record their last
     login time.

     If you use the CONSOLE setting to disable root  logins,  you
     should arrange that remote command execution by root is also
     disabled. See rsh(1), rcmd(3SOCKET), and hosts.equiv(4)  for
     further details.

SunOS 5.11           Last change: 7 Jan 2008                   13

User Commands                                            login(1)


     The pam_unix(5) module is no longer supported. Similar func-
     tionality     is     provided     by    pam_unix_account(5),
     pam_unix_auth(5), pam_unix_session(5), pam_authtok_check(5),
     pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), and

SunOS 5.11           Last change: 7 Jan 2008                   14

Man(1) output converted with man2html

FhG Schily's Home VED powered