login(1)

login -- sign on

Synopsis

login [-p] name [environ . . .]

Description

login is an identification and authentication mechanism that is invoked by a port monitor, typically ttymon, at the beginning of each terminal session. It provides a means of identifying users to the system and authenticating user identity. As the last step in the login procedure, a service, usually sh, is invoked.

login cannot be invoked from a shell. Instead, it is placed in a port monitor's administrative file by the system administrator and is invoked by the port monitor, typically ttymon. (See ttymon(1M) and pmadm(1M).)

When login is invoked by the port monitor, a prompt appears. The minimum response is a login name. Other possible options and parameters are outlined below.

If appropriate, login may ask for a password. Where possible, echoing is turned off while the password is typed so the password does not appear on the written record of the session. If the -p option has been included, login invokes the passwd command. (See passwd(1).) If the LOGIN_ONLY keyword is set in the password default file, this use of the -p option is the only way a user can change passwords.

At some installations, you may be required to enter a dialup password for dialup connections, as well as a login password. In this case, the prompt for the dialup password will be ``Dialup Password:''.

If you do not complete the login successfully within a certain period of time (see defadm(1M)), you are likely to be silently disconnected.

The following arguments and options may be entered in response to the login prompt.

name

The user's login name.

-p

Changes the user's password. The system prompts for the old password and a new password, and then asks for the new password again as a check against typing errors.

environ

Sets environment variable(s).

The basic environment is initialized to:

   HOME=your_login_directory
   LOGNAME=your_login_name
   MAIL=/var/mail/your_login_name
   PATH=/usr/bin
   SHELL=last_field_of_passwd_entry
   # (/bin/sh if the field is empty)
   TZ=timezone_specification

The environment may be expanded or modified by supplying additional arguments when login prints the prompt requesting the user's login name. The arguments may take either of two forms: xxx or xxx=yyy. Arguments without an equal sign are placed in the environment as

   Ln=xxx

where n is a number that starts at 0 and is incremented each time a new variable name is required. Variables containing ``='' are placed in the environment without modification. If such a variable is already defined, the new value replaces the old value. To prevent users who log in to restricted shell environments from spawning secondary shells that are not restricted, the following environment variables cannot be changed:

   HOME
   IFS
   LOGNAME
   PATH
   SHELL

login understands simple, single-character quoting conventions. Typing a backslash in front of a character quotes it and allows the inclusion of such characters as spaces and tabs.

If the authentication performed by the login authentication scheme, /usr/lib/iaf/login/scheme, is successful, the scheme pushes the following information onto a STREAMS module and returns control to the port monitor:

AUDITMASK
GID
GIDCNT (group count)
HOME
HZ
LOGNAME
PATH
SGID (supplementary group list)
SHELL
TTY
TZ
UID
ULIMIT

The port monitor then calls set_id and set_env, which use this information to set the user's identity and environment.

After a successful login, accounting files are updated, the time you last logged in is printed, and (if appropriate) your current level is printed.

Files

/etc/default/login: login default file
/etc/dialups
/etc/d_passwd
/etc/motd: message of the day
/etc/passwd: password file
/etc/profile: system profile
$HOME/.profile: user's login profile
/etc/security/ia/index: index into /etc/security/ia/master
/etc/security/ia/master: contains all INA information about users
/usr/lib/iaf/login/scheme: login authentication scheme
/var/adm/lastlog: time of last login
/var/adm/loginlog: record of failed login attempts
/var/adm/utmp: accounting
/var/adm/wtmp: accounting
/var/mail/your_name: mailbox for user your_name
/usr/lib/locale/locale/LC_MESSAGES/uxcore: language-specific message file (see LANG on environ(5)).

References

defadm(1M), environ(5) login(4), loginlog(4), mail(1), newgrp(1M), passwd(4), profile(4), sh(1), su(1M), ttymon(1M)

Diagnostics

The message ``UX:login: ERROR: Login incorrect'' is printed if the user name or the password cannot be matched or if the user's login account has expired or remained inactive for a period greater than the system threshold.