Command Reference Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Operating Systems

481

482

483

484

485

486

487

488

489

490

__________________________________________________________________________________________________________________________________________________________________________________________________

STANDARD Printed by: Nora Chuang [nchuang] STANDARD

/build/1111/BRICK/man1/!!!intro.1

________________________________________________________________

___ ___

NAME

SYNOPSIS

DESCRIPTION

The login command is used at the beginning of each terminal session to properly identify a prospective

user. login can be invoked as a user command or by the system as an incoming connection is established.

disconnect.

If login is invoked as a command, it must replace the initial command interpreter (the user’s login shell).

This is accomplished with the shell command

exec login

The user’s login name is requested, if it is not speciﬁed on the command line, and the corresponding pass-

word is obtained, if required, with the following prompts:

Password:

Terminal echo is turned off (where possible) during password entry to prevent written records of the pass-

word. If the account does not have a password, and the authentication proﬁle for the account requires one,

displays the last successful and unsuccessful login times and terminal devices.

As a security precaution, some installations use an option that requires a second "dialup" password. This

occurs only for dialup connections, and is requested with the prompt:

dialup password:

Both passwords must be correct for a successful login (see dialups(4) for details on dialup security).

If password aging is activated, the user’s password may have expired. pam_chauthtok()

is invoked to

change the password. In an untrusted environment, the user is required to re-login after a successful pass-

word change (see passwd(1)).

After three unsuccessful login attempts, a

HANGUP signal is issued. If a login is not successfully completed

within a certain period of time (for example, one minute), the terminal is silently disconnected.

After a successful login, the accounting ﬁles are updated, user and group IDs, group access list, and work-

ing directory are initialized, and the user’s command interpreter (shell) is determined from corresponding

user entries in the ﬁles /etc/passwd and /etc/logingroup

(see passwd(4) and group(4)). If

/etc/passwd does not specify a shell for the user name, /usr/bin/sh is used by default. login

then forks the appropriate shell by using the last component of the shell path name preceded by a - (for

example, -sh or -ksh). When the command interpreter is invoked with its name preceded by a minus in

this manner, the shell performs its own initialization, including execution of proﬁle, login, or other initiali-

zation scripts.

For example, if the user login shell is the Bourne, Korn, or POSIX shell (see sh-bourne(1), ksh(1), or sh-

posix(1), respectively), the shell executes the proﬁle ﬁles

/etc/profile and $HOME/.profile if they

exist (and possibly others as well). Depending on what these proﬁle ﬁles contain, messages regarding mail

in the user’s mail ﬁle or any messages the user may have received since the user’s last login may be

displayed.

If the command name ﬁeld is

*,achroot() to the directory named in the directory ﬁeld of the entry is

performed. At that point, login is re-executed at the new level, which must have its own root structure,

including a /usr/bin/login command and an /etc/passwd ﬁle.

For the normal user, the basic environment variables (see environ(5)) are initialized to:

HOME=login_directory

LOGNAME=login_name

MAIL=/var/mail/login_name

PATH=:/usr/bin

SHELL=

login_shell

HP-UX Release 11i: December 2000 − 1 − Section 1−−461

___