HP-UX Reference (11i v1 05/09) - 1 User Commands A-M (vol 1)
l
login(1) login(1)
login_directory, login_name, and login_shell are taken from the corresponding fields of the
passwd
file
entry (see passwd(4)).
For superuser,
PATH is set to:
PATH=:/usr/sbin:/usr/bin:/sbin
In the case of a remote login, the environment variable
TERM is also set to the remote user’s terminal type.
The environment can be expanded or modified by supplying additional arguments to
login, either at exe-
cution time or when
login requests the user’s login name. The arguments can take either the form value
or varname
=value, where varname is a new or existing environment variable name and value is a value to
be assigned to the variable.
An argument in the first form (without an equals sign) is placed in the environment as if it were entered in
the form
Ln=value
where n is a number starting at 0 that is incremented each time a new variable name is required.
An argument in the second form (with an equals sign) is placed into the environment without modification.
If the variable name (Ln or varname) already appears in the environment, the new value replaces the older
one.
There are two exceptions. The variables PATH and SHELL cannot be changed. This prevents users logged
in with restricted shell environments from spawning secondary shells that are not restricted.
Both login and getty understand simple single-character quoting conventions. Typing a backslash in
front of a character quotes it and allows the inclusion of such things as spaces and tabs.
If /var/adm/btmp is present, all unsuccessful login attempts are logged to that file. This feature is dis-
abled if the file is not present. The
lastb command, (see last(1)), displays a summary of bad login
attempts for users with read access to btmp.
If the /etc/securetty file is present, login security is in effect, i.e.,
root is allowed to log in success-
fully only on the ttys listed in this file. Restricted ttys are listed by device name, one per line. Valid tty
names are dependent on the installation. An example is
console
tty01
ttya1
etc.
Note that this feature does not inhibit a normal user from using the su command (see su(1)).
HP-UX Smart Card Login
If the user account is configured to use a Smart Card, the user password is stored in the card. This pass-
word has characteristics identical to a normal password stored on the system.
In order to login using a Smart Card account, the card must be inserted into the Smart Card reader. The
user is prompted for a PIN (personal identification number) instead of a password during authentication.
The prompts are:
login:
Enter PIN:
The password is retrieved automatically from the Smart Card when a valid PIN is entered. Therefore, it is
not necessary to know the password, only the PIN.
The card is locked if an incorrect PIN is entered three consecutive times. It may be unlocked only by the
card issuer.
SECURITY FEATURES
On a trusted system, login prohibits a user from logging in if any of the following is true:
• The password for the account has expired and the user cannot successfully change the password.
• The password lifetime for the account has passed.
• The time between the last login and the current time exceeds the time allowed for login intervals.
Section 1−−482 Hewlett-Packard Company − 2 − HP-UX 11i Version 1: September 2005