login(1)							     login(1)



NAME

  login - Signs the user on to the system

SYNOPSIS

  login [-p] [-h host] [[-f] user]

  The login command is used when a user initially signs on to the system.  It
  is also used to change from one user to another.

  This security-sensitive command uses the SIA (Security Integration Archi-
  tecture) routine as an interface to the security mechanisms. See the
  matrix.conf(4) reference page for more information.

DESCRIPTION

  The invocation of login for initial sign-on is made by a system program or
  server using the latter form of the command and is described later.

  If login is invoked without an argument, it asks for a user name, and, if
  appropriate, a password.  Echoing is turned off (if possible) during the
  entering of the password, so it will not appear on the written record of
  the session.

  After a successful login, accounting files are updated.  You are informed
  of the existence of mail, and the message of the day and the time of last
  login are displayed.	The mail message, the message of the day, and the
  last login time are suppressed if there is a .hushlogin file in the home
  directory; this is mostly used to make life easier for users such as uucp.

				 Security Note
       If you have enhanced security installed on your system, the login com-
       mand prints the last successful and unsuccessful login times and ter-
       minal devices.  If the account does not have a password and the
       authentication profile for the account requires one, login starts the
       passwd command to establish one for the account.

       The login command prohibits you from logging in if any of the follow-
       ing are true:

	 +  The password for the account has expired and you cannot success-
	    fully change the password.

	 +  The password lifetime for the account has passed.

	 +  The administrative lock on the account was set.

	 +  The maximum number of unsuccessful login attempts for the account
	    was exceeded.

	 +  The maximum number of unsuccessful login attempts for the termi-
	    nal was exceeded.

	 +  The administrative lock on the terminal was set.

	 +  The terminal has an authorized user list and you are not on it.

	 +  The terminal has time of day restrictions and the current time is
	    not within them.

	 +  The account was retired by the system administrator.

			       End Security Note

  The login command initializes the user and group IDs and the working direc-
  tory, then executes a command interpreter according to specifications found
  in the password file.	 Argument 0 (zero) of the command interpreter is the
  name of the command interpreter with a leading - (dash).

  The login command also modifies the environment with information specifying
  home directory, command interpreter, terminal type (if available), and user
  name.

				 Security Note
       If you have enhanced security installed on your system, the login com-
       mand always allows root to log in at the console to avoid the situa-
       tion where all accounts and terminals are locked.

				 End Security Note

  If the file /etc/nologin exists, login prints its contents on your terminal
  and exits. This is used by shutdown to stop users from logging in when the
  system is about to go down.

  Login is recognized by sh, csh, and ksh and executed directly (without
  forking).

FLAGS

  With the exception of -p, these flags are available only to the superuser.

  -h host
      Used by telnetd and other servers to list the host from which the con-
      nection was received.

  -f  Used with a user name user on the command line to indicate that proper
      authentication was already done and that no password needs to be
      requested.

  -p  Causes the remainder of the environment to be preserved; otherwise, any
      previous environment is discarded.

ERRORS

  Login incorrect
       The user name or the password is invalid.

  No Shell, cannot open password file, no directory,
       Consult your system administrator.

				 Security Note
       If you have enhanced security installed on your system, you may see
       the following diagnostic messages:

       Cannot execute passwd program
	    The login command cannot invoke the passwd program.

       Login aborted due to no password
	    The passwd program is invoked, the user is unable to change the
	    password, and the account requires one.

       Account/Terminal is disabled but console login is allowed
	    The login command is allowing a root login at the system console
	    despite a condition that would normally not allow such a login.

       Account is disabled - see System Admin
	    The account is locked for one of the reasons listed previously.

       Terminal is disabled - see System Admin
	    The terminal is locked for one of the reasons listed previously.

       Not authorized for terminal access - see System Admin
	    You are not on the authorized user list for the terminal.

       Wrong time period to log into this terminal
	    The current time is not within the current time-of-day restric-
	    tions for the terminal.

       After an unsuccessful login attempt, login waits a specified (confi-
       gurable) amount of time before it prompts for another login attempt.

       If the account's password was changed by another user, login prints
       the time the password was changed and the user who changed it.

       If your password is about to expire, login warns you of the time of
       the impending expiration.  Your system administrator sets the warning
       period.

				 End Security Note

FILES

  /var/adm/utmp
	     Contains user and accounting information.

  /var/adm/wtmp
	     Contains login history.

  /usr/adm/lastlog
	     Contains last login time stamps.

  /var/spool/mail/*
	     Mail directory.

  /etc/motd  Message of the day.

  /etc/passwd
	     Contains user information.

  /etc/nologin
	     Stops logins.

  .hushlogin Suppresses mail notification, message of the day, and last login
	     time.

RELATED INFORMATION

  Commands:  init(8), getty(8), mail(1), binmail(1), mailx(1), Mail(1),
  passwd(1), chfn(1), chsh(1), rlogin(1), shutdown(8).

  Functions:  getpass(3).

  Files:  matrix.conf(4), passwd(4), utmp(4).

  Security