
Commands Reference, Volume 3


login Command

Purpose

Initiates a user session.

Syntax

login [ -h HostName ] [ -p ] [ -f User ] [ User [ Environment ] ]

Description

The login command (part of the tsm command) initiates sessions on the system for the user specified by the User parameter. You can also specify environment variables to be added to the user's environment. These are strings of the form Variable=Value. The login command is not normally entered on the command line.

Notes:
  1. The PATH, IFS, HOME, and SHELL environment variables may not be initialized from the command line.
  2. The login command supports multibyte user names. It is recommended that the system administrator restrict the user names to characters within the portable character set to remove any ambiguity.
  3. If the /etc/nologin file exists, the system prevents the user from logging in and displays the contents of the /etc/nologin file. The system does allow the root user to log in if this file exists. The /etc/nologin file is removed when you reboot the system.

The login command can handle Distributed Computing Environment (DCE) user names of up to 1024 characters. DCE user names are stored in the LOGIN environment variable. Because DCE user names do not conform to standard operating system requirements, the first 8 characters of the DCE user name are stored in all standard operating system files and environments.

The login command performs the following functions:

Checks accounts
    The login command validates the user's account, ensuring authentication, logins enabled properly, and correct capacity for the port used for the login.
Authenticates users
    The login command verifies the user's identity by using the system defined authentication methods for each user. If a password has expired, the user must supply a new password. If secondary authentication methods are defined, these methods are invoked but need not be successful in order to log in to the system.
Establishes credentials
    The login command establishes the initial credentials for the user from the user database. These credentials define the user's access rights and accountability on the system.
Initiates a session
    The login command initializes the user environment from the user database, from the command line, and from the /etc/environment configuration file; changes the current directory to the user's home directory (normally); and runs the user's initial program.

These functions are performed in the order given; if one fails, the functions that follow are not performed.

When a user logs in successfully, the login command makes entries in the /etc/utmp file that tracks current user logins and the /var/adm/wtmp file that is used for accounting purposes. The login command also sets the LOGIN and LOGNAME environment variables.

Information pertaining to each unsuccessful login is recorded in the /etc/security/failedlogin file. The information stored is the same as that in the /etc/utmp file, except that unrecognizable user names are logged as UNKNOWN_USER. This ensures that a password accidentally entered as a user name, for example, is not allowed into the system unencrypted.
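One way to triage these records, as an added example that is not part of the AIX documentation: it assumes the records are listed with who /etc/security/failedlogin and that each line has the columns name, port, month, day, time and an optional parenthesized host. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the AIX documentation.
# Assumed input: lines shaped like `who /etc/security/failedlogin` output:
#   name  port  month  day  time  (host)
# The host column is absent for local ports.

# failed_by_source THRESHOLD
# Reads records on stdin and prints "count source users" for every source
# (remote host, or the port for a local login) with >= THRESHOLD failures.
failed_by_source() {
    awk -v min="$1" '
        NF >= 5 {
            src = (NF >= 6) ? $6 : $2      # remote host if present, else port
            gsub(/[()]/, "", src)
            count[src]++
            if (!seen[src, $1]++)          # record each user once per source
                users[src] = (users[src] == "" ? $1 : users[src] "," $1)
        }
        END {
            for (s in count)
                if (count[s] >= min)
                    print count[s], s, users[s]
        }
    ' | sort -k1,1nr -k2,2
}

# unknown_user_count: number of records whose name was logged as UNKNOWN_USER.
unknown_user_count() {
    awk '$1 == "UNKNOWN_USER" { n++ } END { print n + 0 }'
}

# Constructed sample records (documentation address ranges).
sample_records() {
    cat <<'EOF'
root         pts/3        Mar 14 09:12     (192.0.2.10)
UNKNOWN_USER pts/3        Mar 14 09:12     (192.0.2.10)
jamesd       pts/3        Mar 14 09:13     (192.0.2.10)
root         pts/4        Mar 14 09:13     (192.0.2.10)
jamesd       tty0         Mar 14 10:01
UNKNOWN_USER pts/5        Mar 14 11:30     (198.51.100.7)
EOF
}

# On an AIX host: who /etc/security/failedlogin | failed_by_source 3
sample_records | failed_by_source 3
echo "UNKNOWN_USER records: $(sample_records | unknown_user_count)"
```

A single source that fails against several account names, including UNKNOWN_USER, is the pattern worth a closer look; the per-account counter shown at the next successful login does not reveal it.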

After a successful login, the login command displays the message of the day, the date and time of the last successful and unsuccessful login attempts for this account, and the total number of unsuccessful login attempts for this account since the last successful login. These messages are suppressed if there is a .hushlogin file in your home directory.

The login command also changes the ownership of the login port to the user. This includes any ports noted as synonyms in the /etc/security/login.cfg file.

In order to preserve the integrity of the system, only one session at a time is allowed to be logged in to a port. This means that the login command entered from the shell prompt cannot succeed, as both the original session and the new login session would be on the same port. However, the exec login command succeeds because a new shell replaces the current one. The login command is typically a built-in shell command, causing the shell to replace itself.

Note: Unless your terminal displays only uppercase letters, your user name should not consist of uppercase letters exclusively.

To log in with multibyte user names, you must first open a Japanese window (aixterm) and initiate a new login from the Japanese window.

Flags


-f User
    Identifies a user who has already been authenticated. If the real ID of the login process is root (0), then login does not authenticate the user again.
-h HostName
    Identifies the login as a remote login and specifies with the HostName variable the name of the machine requesting the login. This form of the login is used only by the telnetd and rlogind daemons.
-p
    Preserves the current terminal type by setting it to the value of the $TERM environment variable instead of the type contained in the CuAt/PdAt object classes database.

Security

Access Control: This command sets the setuid permission to the root user, grants executable (x) permission to any user, and is in the Trusted Computing Base.

Examples

To log in to the system as user jamesd, enter the following at the login prompt:

login: jamesd

If a password is defined, the password prompt appears. Enter your password at this prompt.

Files


/usr/sbin/login
    Contains the login command.
/etc/utmp
    Contains accounting information.
/var/adm/wtmp
    Contains accounting information.
/etc/motd
    Contains the message of the day.
/etc/passwd
    Contains passwords.
$HOME/.hushlogin
    Suppresses login messages.
/etc/environment
    Contains user environment configuration information.
/etc/security/login.cfg
    Contains port synonyms.
/etc/security/lastlog
    Contains information pertaining to the most recent successful and unsuccessful login attempts.
/etc/security/failedlogin
    Contains information pertaining to each unsuccessful login.

Related Information

The getty command, setgroups command, setsenv command, su command, tsm command.

The utmp, wtmp, failedlogin file format, lastlog file format.

The authenticate subroutine, setuid subroutine.

Suppressing Login Messages in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.

Login and Logout Overview in AIX 5L Version 5.1 System User's Guide: Operating System and Devices.

Shells Overview in AIX 5L Version 5.1 System User's Guide: Operating System and Devices describes what shells are, the different types of shells, and how shells affect the way commands are interpreted.

