207 lines
5.6 KiB
Groff
207 lines
5.6 KiB
Groff
|
.\" $NetBSD: login.1,v 1.30 2008/11/19 17:56:53 ginsbach Exp $
|
||
|
.\"
|
||
|
.\" Copyright (c) 1980, 1990, 1993
|
||
|
.\" The Regents of the University of California. All rights reserved.
|
||
|
.\"
|
||
|
.\" Redistribution and use in source and binary forms, with or without
|
||
|
.\" modification, are permitted provided that the following conditions
|
||
|
.\" are met:
|
||
|
.\" 1. Redistributions of source code must retain the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer.
|
||
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||
|
.\" notice, this list of conditions and the following disclaimer in the
|
||
|
.\" documentation and/or other materials provided with the distribution.
|
||
|
.\" 3. Neither the name of the University nor the names of its contributors
|
||
|
.\" may be used to endorse or promote products derived from this software
|
||
|
.\" without specific prior written permission.
|
||
|
.\"
|
||
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||
|
.\" SUCH DAMAGE.
|
||
|
.\"
|
||
|
.\" @(#)login.1 8.2 (Berkeley) 5/5/94
|
||
|
.\"
|
||
|
.Dd November 19, 2008
|
||
|
.Dt LOGIN 1
|
||
|
.Os
|
||
|
.Sh NAME
|
||
|
.Nm login
|
||
|
.Nd authenticate users and set up their session environment
|
||
|
.Sh SYNOPSIS
|
||
|
.Nm
|
||
|
.Op Fl Ffps
|
||
|
.Op Fl a Ar address
|
||
|
.Op Fl h Ar hostname
|
||
|
.Op Ar user
|
||
|
.Sh DESCRIPTION
|
||
|
The
|
||
|
.Nm
|
||
|
utility logs users (and pseudo-users) into the computer system.
|
||
|
.Pp
|
||
|
If no user is specified, or if a user is specified and authentication
|
||
|
of the user fails,
|
||
|
.Nm
|
||
|
prompts for a user name.
|
||
|
Authentication of users is done via passwords.
|
||
|
If the user can be authenticated via
|
||
|
.Tn S/Key ,
|
||
|
then the
|
||
|
.Tn S/Key
|
||
|
challenge is incorporated in the password prompt.
|
||
|
The user then has the option of entering their Kerberos or normal
|
||
|
password or the
|
||
|
.Tn S/Key
|
||
|
response.
|
||
|
Neither will be echoed.
|
||
|
.Pp
|
||
|
The options are as follows:
|
||
|
.Bl -tag -width Ds
|
||
|
.It Fl a
|
||
|
The
|
||
|
.Fl a
|
||
|
option specifies the address of the host from which the connection was received.
|
||
|
It is used by various daemons such as
|
||
|
.Xr telnetd 8 .
|
||
|
This option may only be used by the super-user.
|
||
|
.It Fl F
|
||
|
The
|
||
|
.Fl F
|
||
|
option acts like the
|
||
|
.Fl f
|
||
|
option, but also indicates to
|
||
|
.Nm
|
||
|
that it should attempt to rewrite an existing Kerberos 5 credentials cache
|
||
|
(specified by the KRB5CCNAME environment variable) after dropping
|
||
|
permissions to the user logging in.
|
||
|
This flag is not supported under
|
||
|
.Xr pam 8 .
|
||
|
.It Fl f
|
||
|
The
|
||
|
.Fl f
|
||
|
option is used when a user name is specified to indicate that proper
|
||
|
authentication has already been done and that no password need be
|
||
|
requested.
|
||
|
This option may only be used by the super-user or when an already
|
||
|
logged in user is logging in as themselves.
|
||
|
.It Fl h
|
||
|
The
|
||
|
.Fl h
|
||
|
option specifies the host from which the connection was received.
|
||
|
It is used by various daemons such as
|
||
|
.Xr telnetd 8 .
|
||
|
This option may only be used by the super-user.
|
||
|
.It Fl p
|
||
|
By default,
|
||
|
.Nm
|
||
|
discards any previous environment.
|
||
|
The
|
||
|
.Fl p
|
||
|
option disables this behavior.
|
||
|
.It Fl s
|
||
|
Require a secure authentication mechanism like
|
||
|
.Tn Kerberos
|
||
|
or
|
||
|
.Tn S/Key
|
||
|
to be used.
|
||
|
This flag is not supported under
|
||
|
.Xr pam 8 .
|
||
|
.El
|
||
|
.Pp
|
||
|
If a user other than the superuser attempts to login while the file
|
||
|
.Pa /etc/nologin
|
||
|
exists,
|
||
|
.Nm
|
||
|
displays its contents to the user and exits.
|
||
|
This is used by
|
||
|
.Xr shutdown 8
|
||
|
to prevent normal users from logging in when the system is about to go down.
|
||
|
.Pp
|
||
|
Immediately after logging a user in,
|
||
|
.Nm
|
||
|
displays the system copyright notice, the date and time the user last
|
||
|
logged in, the message of the day as well as other information.
|
||
|
If the file
|
||
|
.Dq Pa .hushlogin
|
||
|
exists in the user's home directory, all of these messages are suppressed.
|
||
|
This is to simplify logins for non-human users.
|
||
|
.Nm
|
||
|
then records an entry in the
|
||
|
.Xr wtmp 5
|
||
|
and
|
||
|
.Xr utmp 5
|
||
|
files, executes site-specific login commands via the
|
||
|
.Xr ttyaction 3
|
||
|
facility with an action of "login", and executes the user's command
|
||
|
interpreter.
|
||
|
.Pp
|
||
|
.Nm
|
||
|
enters information into the environment (see
|
||
|
.Xr environ 7 )
|
||
|
specifying the user's home directory (HOME), command interpreter (SHELL),
|
||
|
search path (PATH), terminal type (TERM) and user name (both LOGNAME and
|
||
|
USER).
|
||
|
.Pp
|
||
|
The user's login experience can be customized using
|
||
|
login class capabilities as configured in
|
||
|
.Pa /etc/login.conf
|
||
|
and documented in
|
||
|
.Xr login.conf 5 .
|
||
|
.Pp
|
||
|
The standard shells,
|
||
|
.Xr csh 1
|
||
|
and
|
||
|
.Xr sh 1 ,
|
||
|
do not fork before executing the
|
||
|
.Nm
|
||
|
utility.
|
||
|
.Sh FILES
|
||
|
.Bl -tag -width /var/mail/userXXX -compact
|
||
|
.It Pa /etc/login.conf
|
||
|
login class capability database
|
||
|
.It Pa /etc/motd
|
||
|
message-of-the-day
|
||
|
.It Pa /etc/nologin
|
||
|
disallows non-superuser logins
|
||
|
.It Pa /var/run/utmp
|
||
|
list of current logins
|
||
|
.It Pa /var/log/lastlog
|
||
|
last login account records
|
||
|
.It Pa /var/log/wtmp
|
||
|
login account records
|
||
|
.It Pa /var/mail/user
|
||
|
system mailboxes
|
||
|
.It Pa \&.hushlogin
|
||
|
makes login quieter
|
||
|
.El
|
||
|
.Sh SEE ALSO
|
||
|
.Xr chpass 1 ,
|
||
|
.Xr newgrp 1 ,
|
||
|
.Xr passwd 1 ,
|
||
|
.Xr rlogin 1 ,
|
||
|
.Xr skey 1 ,
|
||
|
.Xr getpass 3 ,
|
||
|
.Xr ttyaction 3 ,
|
||
|
.Xr login.conf 5 ,
|
||
|
.Xr passwd.conf 5 ,
|
||
|
.Xr utmp 5 ,
|
||
|
.Xr environ 7 ,
|
||
|
.Xr kerberos 8 ,
|
||
|
.Xr pam 8
|
||
|
.Sh HISTORY
|
||
|
A
|
||
|
.Nm
|
||
|
appeared in
|
||
|
.At v6 .
|
||
|
.Sh TRADEMARKS AND PATENTS
|
||
|
.Tn S/Key
|
||
|
is a trademark of
|
||
|
.Tn Bellcore .
|