1 .\" $NetBSD: login.1,v 1.29 2008/11/18 15:52:57 wiz Exp $
3 .\" Copyright (c) 1980, 1990, 1993
4 .\" The Regents of the University of California. All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. Neither the name of the University nor the names of its contributors
15 .\" may be used to endorse or promote products derived from this software
16 .\" without specific prior written permission.
18 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 .\" @(#)login.1 8.2 (Berkeley) 5/5/94
37 .Nd authenticate users and set up their session environment
47 utility logs users (and pseudo-users) into the computer system.
49 If no user is specified, or if a user is specified and authentication
52 prompts for a user name.
53 Authentication of users is done via passwords.
54 If the user can be authenticated via
58 challenge is incorporated in the password prompt.
59 The user then has the option of entering their Kerberos or normal
63 Neither will be echoed.
65 The options are as follows:
70 option specifies the address of the host from which the connection was received.
71 It is used by various daemons such as
73 This option may only be used by the super-user.
79 option, but also indicates to
81 that it should attempt to rewrite an existing Kerberos 5 credentials cache
82 (specified by the KRB5CCNAME environment variable) after dropping
83 permissions to the user logging in.
84 This flag is not supported under
89 option is used when a user name is specified to indicate that proper
90 authentication has already been done and that no password need be
92 This option may only be used by the super-user or when an already
93 logged in user is logging in as themselves.
97 option specifies the host from which the connection was received.
98 It is used by various daemons such as
100 This option may only be used by the super-user.
104 discards any previous environment.
107 option disables this behavior.
109 Require a secure authentication mechanism like
114 This flag is not supported under
118 If a user other than the superuser attempts to login while the file
122 displays its contents to the user and exits.
125 to prevent normal users from logging in when the system is about to go down.
127 Immediately after logging a user in,
129 displays the system copyright notice, the date and time the user last
130 logged in, the message of the day as well as other information.
133 exists in the user's home directory, all of these messages are suppressed.
134 This is to simplify logins for non-human users.
136 then records an entry in the
140 files, executes site-specific login commands via the
142 facility with an action of "login", and executes the user's command
146 enters information into the environment (see
148 specifying the user's home directory (HOME), command interpreter (SHELL),
149 search path (PATH), terminal type (TERM) and user name (both LOGNAME and
152 The user's login experience can be customized using
153 login class capabilities as configured in
162 do not fork before executing the
166 .Bl -tag -width /var/mail/userXXX -compact
167 .It Pa /etc/login.conf
168 login class capability database
172 disallows non-superuser logins
174 list of current logins
175 .It Pa /var/log/lastlog
176 last login account records
178 login account records
179 .It Pa /var/mail/user
203 .Sh TRADEMARKS AND PATENTS