login(1)


NAME

login - sign on; start terminal session

SYNOPSIS

login [name [env-var] ...]

DESCRIPTION

The login command is used at the beginning of each terminal session to properly identify a prospective user. login can be invoked as a user command or by the system as an incoming connection is established. login can also be invoked by the system when a previous user shell terminates but the terminal does not disconnect.

If login is invoked as a command, it must replace the initial command interpreter (the user's login shell). This is accomplished with the shell command

exec login

The user's login name is requested, if it is not specified on the command line, and the corresponding password is obtained, if required, with the following prompts:

login:

Password:

Terminal echo is turned off (where possible) during password entry to prevent written records of the password. If the account does not have a password, and the authentication profile for the account requires one, login invokes pam_chauthtok() to establish one for the account. On a trusted system, login displays the last successful and unsuccessful login times and terminal devices.

As a security precaution, some installations use an option that requires a second "dialup" password. This occurs only for dialup connections, and is requested with the prompt:

dialup password:

Both passwords must be correct for a successful login (see dialups(4) for details on dialup security).

If password aging is activated, the user's password may have expired. pam_chauthtok() is invoked to change the password. In an untrusted environment, the user is required to re-login after a successful password change (see passwd(1)).

After three unsuccessful login attempts, a HANGUP signal is issued. If a login is not successfully completed within a certain period of time (for example, one minute), the terminal is silently disconnected.

After a successful login, the accounting files are updated, user and group IDs, group access list, and working directory are initialized, and the user's command interpreter (shell) is determined from corresponding user entries in the files /etc/passwd and /etc/logingroup (see passwd(4) and group(4)). If /etc/passwd does not specify a shell for the user name, /usr/bin/sh is used by default. login then forks the appropriate shell by using the last component of the shell path name preceded by a - (for example, -sh or -ksh). When the command interpreter is invoked with its name preceded by a minus in this manner, the shell performs its own initialization, including execution of profile, login, or other initialization scripts.

For example, if the user login shell is the Bourne, Korn, or POSIX shell (see sh-bourne(1), ksh(1), or sh-posix(1), respectively), the shell executes the profile files /etc/profile and $HOME/.profile if they exist (and possibly others as well). Depending on what these profile files contain, messages regarding mail in the user's mail file or any messages the user may have received since the user's last login may be displayed.

If the command name field is *, a chroot() to the directory named in the directory field of the entry is performed. At that point, login is re-executed at the new level, which must have its own root structure, including a /usr/bin/login command and an /etc/passwd file.
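
The shell-selection rules described above (default shell, leading-minus argv[0], and the * command name field), as an added example that is not HP-UX source code. It assumes the conventional seven-field colon-separated /etc/passwd entry; the names plan_shell, shell_plan and field are hypothetical and the sample entry is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Added example; every name here is hypothetical, not from HP-UX login. */
enum shell_action { BAD_ENTRY, EXEC_SHELL, CHROOT_RELOGIN };
struct shell_plan {
    enum shell_action action;
    char dir[256];    /* home directory, or new root for CHROOT_RELOGIN */
    char path[256];   /* program to execute */
    char argv0[258];  /* "-" + last component of path (login-shell marker) */
};
/* Point at the n-th (0-based) colon-separated field; store its length. */
static const char *field(const char *line, int n, size_t *len)
{
    while (n-- > 0) {
        line = strchr(line, ':');
        if (line == NULL) return NULL;    /* too few fields */
        line++;
    }
    *len = strcspn(line, ":\n");
    return line;
}
/* Assumes the conventional 7-field entry: name:pw:uid:gid:gecos:dir:shell */
struct shell_plan plan_shell(const char *passwd_line)
{
    struct shell_plan plan = { BAD_ENTRY, "", "", "" };
    size_t dlen = 0, slen = 0;
    const char *dir = field(passwd_line, 5, &dlen);
    const char *sh = field(passwd_line, 6, &slen);
    if (!dir || !sh || dlen >= sizeof plan.dir || slen >= sizeof plan.path)
        return plan;                      /* malformed or oversized entry */
    snprintf(plan.dir, sizeof plan.dir, "%.*s", (int)dlen, dir);
    if (slen == 1 && sh[0] == '*') {      /* "*": chroot to dir, re-run login */
        plan.action = CHROOT_RELOGIN;
        strcpy(plan.path, "/usr/bin/login");
        return plan;
    }
    if (slen == 0) strcpy(plan.path, "/usr/bin/sh");   /* documented default */
    else snprintf(plan.path, sizeof plan.path, "%.*s", (int)slen, sh);
    const char *base = strrchr(plan.path, '/');
    snprintf(plan.argv0, sizeof plan.argv0, "-%s", base ? base + 1 : plan.path);
    plan.action = EXEC_SHELL;
    return plan;
}

int main(void)
{
    struct shell_plan p = plan_shell("amy:x:101:20::/home/amy:/usr/bin/ksh"); /* constructed entry */
    printf("%d %s %s %s\n", p.action, p.dir, p.path, p.argv0);
    return 0;
}
```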

For the normal user, the basic environment variables (see environ(5)) are initialized to:

HOME=login_directory

LOGNAME=login_name

MAIL=/var/mail/login_name

PATH=:/usr/bin

SHELL=login_shell


HP-UX Release 11i: December 2000
