1.\" $NetBSD: login.1,v 1.30 2008/11/19 17:56:53 ginsbach Exp $ 2.\" 3.\" Copyright (c) 1980, 1990, 1993 4.\" The Regents of the University of California. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 3. Neither the name of the University nor the names of its contributors 15.\" may be used to endorse or promote products derived from this software 16.\" without specific prior written permission. 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28.\" SUCH DAMAGE. 29.\" 30.\" @(#)login.1 8.2 (Berkeley) 5/5/94 31.\" 32.Dd November 19, 2008 33.Dt LOGIN 1 34.Os 35.Sh NAME 36.Nm login 37.Nd authenticate users and set up their session environment 38.Sh SYNOPSIS 39.Nm 40.Op Fl Ffps 41.Op Fl a Ar address 42.Op Fl h Ar hostname 43.Op Ar user 44.Sh DESCRIPTION 45The 46.Nm 47utility logs users (and pseudo-users) into the computer system. 48.Pp 49If no user is specified, or if a user is specified and authentication 50of the user fails, 51.Nm 52prompts for a user name. 53Authentication of users is done via passwords. 54If the user can be authenticated via 55.Tn S/Key , 56then the 57.Tn S/Key 58challenge is incorporated in the password prompt. 59The user then has the option of entering their Kerberos or normal 60password or the 61.Tn S/Key 62response. 63Neither will be echoed. 64.Pp 65The options are as follows: 66.Bl -tag -width Ds 67.It Fl a 68The 69.Fl a 70option specifies the address of the host from which the connection was received. 71It is used by various daemons such as 72.Xr telnetd 8 . 73This option may only be used by the super-user. 74.It Fl F 75The 76.Fl F 77option acts like the 78.Fl f 79option, but also indicates to 80.Nm 81that it should attempt to rewrite an existing Kerberos 5 credentials cache 82(specified by the KRB5CCNAME environment variable) after dropping 83permissions to the user logging in. 84This flag is not supported under 85.Xr pam 8 . 86.It Fl f 87The 88.Fl f 89option is used when a user name is specified to indicate that proper 90authentication has already been done and that no password need be 91requested. 92This option may only be used by the super-user or when an already 93logged in user is logging in as themselves. 94.It Fl h 95The 96.Fl h 97option specifies the host from which the connection was received. 98It is used by various daemons such as 99.Xr telnetd 8 . 100This option may only be used by the super-user. 101.It Fl p 102By default, 103.Nm 104discards any previous environment. 105The 106.Fl p 107option disables this behavior. 108.It Fl s 109Require a secure authentication mechanism like 110.Tn Kerberos 111or 112.Tn S/Key 113to be used. 114This flag is not supported under 115.Xr pam 8 . 116.El 117.Pp 118If a user other than the superuser attempts to login while the file 119.Pa /etc/nologin 120exists, 121.Nm 122displays its contents to the user and exits. 123This is used by 124.Xr shutdown 8 125to prevent normal users from logging in when the system is about to go down. 126.Pp 127Immediately after logging a user in, 128.Nm 129displays the system copyright notice, the date and time the user last 130logged in, the message of the day as well as other information. 131If the file 132.Dq Pa .hushlogin 133exists in the user's home directory, all of these messages are suppressed. 134This is to simplify logins for non-human users. 135.Nm 136then records an entry in the 137.Xr wtmp 5 138and 139.Xr utmp 5 140files, executes site-specific login commands via the 141.Xr ttyaction 3 142facility with an action of "login", and executes the user's command 143interpreter. 144.Pp 145.Nm 146enters information into the environment (see 147.Xr environ 7 ) 148specifying the user's home directory (HOME), command interpreter (SHELL), 149search path (PATH), terminal type (TERM) and user name (both LOGNAME and 150USER). 151.Pp 152The user's login experience can be customized using 153login class capabilities as configured in 154.Pa /etc/login.conf 155and documented in 156.Xr login.conf 5 . 157.Pp 158The standard shells, 159.Xr csh 1 160and 161.Xr sh 1 , 162do not fork before executing the 163.Nm 164utility. 165.Sh FILES 166.Bl -tag -width /var/mail/userXXX -compact 167.It Pa /etc/login.conf 168login class capability database 169.It Pa /etc/motd 170message-of-the-day 171.It Pa /etc/nologin 172disallows non-superuser logins 173.It Pa /var/run/utmp 174list of current logins 175.It Pa /var/log/lastlog 176last login account records 177.It Pa /var/log/wtmp 178login account records 179.It Pa /var/mail/user 180system mailboxes 181.It Pa \&.hushlogin 182makes login quieter 183.El 184.Sh SEE ALSO 185.Xr chpass 1 , 186.Xr newgrp 1 , 187.Xr passwd 1 , 188.Xr rlogin 1 , 189.Xr skey 1 , 190.Xr getpass 3 , 191.Xr ttyaction 3 , 192.Xr login.conf 5 , 193.Xr passwd.conf 5 , 194.Xr utmp 5 , 195.Xr environ 7 , 196.Xr kerberos 8 , 197.Xr pam 8 198.Sh HISTORY 199A 200.Nm 201appeared in 202.At v6 . 203.Sh TRADEMARKS AND PATENTS 204.Tn S/Key 205is a trademark of 206.Tn Bellcore . 207