login man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

login(1)							      login(1)

NAME
       login - sign on, start terminal session

SYNOPSIS
       [name [env-var]...]

DESCRIPTION
       The  command is used at the beginning of each terminal session to prop‐
       erly identify a prospective user.  can be invoked as a user command  or
       by  the	system	as an incoming connection is established.  can also be
       invoked by the system when a previous user  shell  terminates  but  the
       terminal does not disconnect.

       If  is invoked as a command, it must replace the initial command inter‐
       preter (the user's login shell).	 This is accomplished with  the	 shell
       command

       The  user's login name is requested, if it is not specified on the com‐
       mand line, and the corresponding password  is  obtained,	 if  required,
       with the following prompts:

       Terminal	 echo  is turned off (where possible) during password entry to
       prevent written records of the password.	 If the account does not  have
       a  password,  and  the  authentication profile for the account requires
       one, invokes to establish one for the account.

       On a trusted system, displays  the  last	 successful  and  unsuccessful
       login  times  and  terminal  devices.  On a standard system, optionally
       displays the last successful and unsuccessful  login  times.   See  the
       attribute in security(4).

       As  a  security	precaution,  some  installations  use  an  option that
       requires a second "dialup" password.  This occurs only for dialup  con‐
       nections, and is requested with the prompt:

       Both  passwords	must be correct for a successful login (see dialups(4)
       for details on dialup security).

       If password aging is activated, the user's password may	have  expired.
       is  invoked  to change the password.  On a standard system, the user is
       required	 to  re-login  after  a	 successful   password	 change	  (see
       passwd(1)).

       After  three  unsuccessful  login  attempts,  a signal is issued.  If a
       login is not successfully completed within a  certain  period  of  time
       (for example, one minute), the terminal is silently disconnected.

       After  a	 successful  login, the accounting files are updated, user and
       group IDs, group access list, and working  directory  are  initialized,
       and  the	 user's	 command interpreter (shell) is determined from corre‐
       sponding user entries in the files and (see  passwd(4)  and  group(4)).
       If  does	 not  specify  a  shell for the user name, is used by default.
       then forks the appropriate shell by using the  last  component  of  the
       shell  path name preceded by a (for example, or When the command inter‐
       preter is invoked with its name preceded by a minus in this manner, the
       shell  performs its own initialization, including execution of profile,
       login, or other initialization scripts.

       For example, if the user login shell is the Korn or  POSIX  shell  (see
       ksh(1)  or  sh-posix(1),	 respectively), the shell executes the profile
       files and if they exist (and possibly others as	well).	 Depending  on
       what these profile files contain, messages regarding mail in the user's
       mail file or any messages the user may have received since  the	user's
       last login may be displayed.

       If  the command name field is a to the directory named in the directory
       field of the entry is performed.	 At that point, is re-executed at  the
       new  level, which must have its own root structure, including a command
       and an file.

       For the normal user, the basic environment variables  (see  environ(5))
       are initialized to:

       login_directory,	 login_name, and login_shell are taken from the corre‐
       sponding fields of the file entry (see passwd(4)).

       For superuser, is set to:

       In the case of a remote login, the environment variable is also set  to
       the remote user's terminal type.

       The  environment	 can  be  expanded or modified by supplying additional
       arguments to either at execution time or when requests the user's login
       name.  The arguments can take either the form value or where varname is
       a new or existing environment variable name and value is a value to  be
       assigned to the variable.

       An argument in the first form (without an equals sign) is placed in the
       environment as if it were entered in the form

       where n is a number starting at 0 that is incremented each time	a  new
       variable name is required.

       An argument in the second form (with an equals sign) is placed into the
       environment without modification.

       If the variable name or varname) already appears	 in  the  environment,
       the new value replaces the older one.

       There  are  two exceptions.  The variables and cannot be changed.  This
       prevents users logged in with restricted shell environments from spawn‐
       ing secondary shells that are not restricted.

       Both  and understand simple single-character quoting conventions.  Typ‐
       ing a backslash in front of a character quotes it and allows the inclu‐
       sion of such things as spaces and tabs.

       The user accounting database, is updated by the daemon (see utmpd(1M)).
       This is the database of currently logged-in users.

       If exists, all unsuccessful login attempts are  logged  to  that	 file.
       The  command,  (see  last(1)), displays a summary of bad login attempts
       for users with read access to

       If the file is present, login security is in effect, i.e.,  is  allowed
       to  log	in  successfully  only	on  the	 ttys  listed  in  this	 file.
       Restricted ttys are listed by device name, one  per  line.   Valid  tty
       names are dependent on the installation.	 An example is

	      etc.

       Note  that  this	 feature does not inhibit a normal user from using the
       command (see su(1)).

   HP-UX Smart Card Login
       If the user account is configured to use a Smart Card, the  user	 pass‐
       word  is stored in the card.  This password has characteristics identi‐
       cal to a normal password stored on the system.

       In order to login using a Smart Card account, the card must be inserted
       into  the  Smart Card reader.  The user is prompted for a PIN (personal
       identification number) instead of  a  password  during  authentication.
       The prompts are:

       The  password  is  retrieved  automatically  from the Smart Card when a
       valid PIN is entered.  Therefore, it is not necessary to know the pass‐
       word, only the PIN.

       The  card  is  locked  if an incorrect PIN is entered three consecutive
       times.  It may be unlocked only by the card issuer.

SECURITY FEATURES
       On a standard system, prohibits a user from logging in if  any  of  the
       following is true:

	 ·  The	 password for the account has expired and the user cannot suc‐
	    cessfully change the password.

	 ·  The password for the account has expired and the password was  not
	    changed  within  the specified number of days after the expiration
	    (see shadow(4)).

	 ·  The account lifetime has passed (see shadow(4)).

       On a trusted system, prohibits a user from logging in  if  any  of  the
       following is true:

	 ·  The	 password for the account has expired and the user cannot suc‐
	    cessfully change the password.

	 ·  The password lifetime for the account has passed.

	 ·  The time between the last login and the current time  exceeds  the
	    time allowed for login intervals.

	 ·  The administrative lock on the account has been set.

	 ·  The	 maximum number of unsuccessful login attempts for the account
	    has been exceeded.

	 ·  The maximum number of unsuccessful login attempts for the terminal
	    has been exceeded.

	 ·  The administrative lock on the terminal has been set.

	 ·  The	 terminal  has	an authorized user list and the user is not on
	    it.

	 ·  The terminal has time of day restrictions and the current time  is
	    not within the allowable period.

       On  a  trusted system, allows superuser to log in on the console unless
       exists and does not contain

       Refer to the file in the security(4) manpage for	 detailed  information
       on  configurable	 attributes  that affect the behavior of this command.
       Currently supported attributes are:

EXTERNAL INFLUENCES
   Environment Variables
       User's home directory.
       Where to look for mail.
       Path to be searched for commands.
       Which command interpreter is being used.
       User's terminal type.
       varname	 User-specified named variables.
       User-specified unnamed variables.

DIAGNOSTICS
       The following diagnostics appear if the associated condition occurs:

	      The personal equivalence file is a symbolic link.

	      The personal equivalence file is not owned by the local user  or
	      by a user with appropriate privileges.

	      failed (see setuid(2)).

	      failed (see setuid(2)).

	      Consult the system administrator.

	      The indicated string was too long for internal buffer.

	      User name and password cannot be matched.

	      Attempted	 to log in to a subdirectory root that does not have a
	      subroot login command.  That is, the file entry had  shell  path
	      but the system cannot find a command under the given home direc‐
	      tory.

	      Consult system administrator.

	      Attempted to log in to a subdirectory root that does not	exist.
	      That  is, the file entry had shell path but the system cannot to
	      the given home directory.

	      The user shell if shell name is null in  could  not  be  started
	      with the command.	 Consult system administrator.

	      Attempted	 to  execute  as  a  command without using the shell's
	      internal command or from other than the initial shell.  The cur‐
	      rent shell is terminated.

	      The indicated string was too long for internal buffer.

	      The indicated string was too long for internal buffer.

	      Cannot to the user's home directory.

	      Password aging is enabled and the user's password has expired.

WARNINGS
       If  is  linked to and group membership for the user trying to log in is
       managed by the Network Information Service (NIS), and no NIS server  is
       able to respond, waits until a server does respond.

       HP-UX  11i  Version  3  is  the last release to support trusted systems
       functionality.

DEPENDENCIES
   Pluggable Authentication Modules (PAM)
       PAM is an Open Group standard for user authentication, password modifi‐
       cation,	and validation of accounts.  In particular, is invoked to per‐
       form all functions related to This includes  retrieving	the  password,
       validating the account, and displaying error messages.  is invoked dur‐
       ing password expiration or establishment.

   HP Process Resource Manager
       If the optional HP Process Resource Manager (PRM) software is installed
       and  configured,	 the  login  shell  is	launched in the user's initial
       process resource group.	If the user's initial group  is	 not  defined,
       the  shell  runs	 in  the  user	default	 group	See prmconfig(1) for a
       description of how to configure HP PRM, and prmconf(4) for  a  descrip‐
       tion of how the user's initial process resource group is determined.

AUTHOR
       was developed by AT&T and HP.

FILES
       Personal profile (individual user initialization)
       Personal equivalence file for the remote login server.
       Dialup security encrypted passwords.
       Security defaults configuration file.
       Lines which require dialup security.
       System list of equivalent hosts allowing logins without passwords.
       Group file — defines group access lists.
       Message-of-the-day.
       Password file — defines users, passwords, and primary groups.
       System profile (initialization for all users).
       List of valid ttys for root login.
       Shadow Password file.
       The user accounting database, (see
			   utmpd(1M)).
       The trusted system password database.
       History of bad login attempts.
       History of logins, logouts, and date changes.
       Mailbox for user,	login_name.

SEE ALSO
       csh(1),	groups(1),  ksh(1),  last(1),  mail(1),	 newgrp(1), passwd(1),
       sh(1), sh-posix(1),  su(1),  getty(1M),	userstat(1M),  initgroups(3C),
       btmps(4),  dialups(4),  group(4),  passwd(4),  profile(4), security(4),
       shadow(4), utmpd(1M), wtmps(4), environ(5).

   HP Process Resource Manager
       prmconfig(1), prmconf(4) in

   Pluggable Authentication Modules (PAM)
       pam_acct_mgmt(3), pam_authenticate(3), pam_chauthtok(3).

   HP-UX Smart Card Login
       scpin(1), scsync(1).

								      login(1)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net