.\"	$NetBSD: login.1,v 1.30 2008/11/19 17:56:53 ginsbach Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)login.1	8.2 (Berkeley) 5/5/94
.\"
.Dd November 19, 2008
.Dt LOGIN 1
.Os
.Sh NAME
.Nm login
.Nd authenticate users and set up their session environment
.Sh SYNOPSIS
.Nm
.Op Fl Ffps
.Op Fl a Ar address
.Op Fl h Ar hostname
.Op Ar user
.Sh DESCRIPTION
The
.Nm
utility logs users (and pseudo-users) into the computer system.
.Pp
If no user is specified, or if a user is specified and authentication
of the user fails,
.Nm
prompts for a user name.
Authentication of users is done via passwords.
If the user can be authenticated via
.Tn S/Key ,
then the
.Tn S/Key
challenge is incorporated in the password prompt.
The user then has the option of entering their Kerberos or normal
password or the
.Tn S/Key
response.
Neither will be echoed.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a
The
.Fl a
option specifies the address of the host from which the connection was received.
It is used by various daemons such as
.Xr telnetd 8 .
This option may only be used by the super-user.
.It Fl F
The
.Fl F
option acts like the
.Fl f
option, but also indicates to
.Nm
that it should attempt to rewrite an existing Kerberos 5 credentials cache
(specified by the KRB5CCNAME environment variable) after dropping
permissions to the user logging in.
This flag is not supported under
.Xr pam 8 .
.It Fl f
The
.Fl f
option is used when a user name is specified to indicate that proper
authentication has already been done and that no password need be
requested.
This option may only be used by the super-user or when an already
logged in user is logging in as themselves.
.It Fl h
The
.Fl h
option specifies the host from which the connection was received.
It is used by various daemons such as
.Xr telnetd 8 .
This option may only be used by the super-user.
.It Fl p
By default,
.Nm
discards any previous environment.
The
.Fl p
option disables this behavior.
.It Fl s
Require a secure authentication mechanism like
.Tn Kerberos
or
.Tn S/Key
to be used.
This flag is not supported under
.Xr pam 8 .
.El
.Pp
If a user other than the superuser attempts to login while the file
.Pa /etc/nologin
exists,
.Nm
displays its contents to the user and exits.
This is used by
.Xr shutdown 8
to prevent normal users from logging in when the system is about to go down.
.Pp
Immediately after logging a user in,
.Nm
displays the system copyright notice, the date and time the user last
logged in, the message of the day as well as other information.
If the file
.Dq Pa .hushlogin
exists in the user's home directory, all of these messages are suppressed.
This is to simplify logins for non-human users.
.Nm
then records an entry in the
.Xr wtmp 5
and
.Xr utmp 5
files, executes site-specific login commands via the
.Xr ttyaction 3
facility with an action of "login", and executes the user's command
interpreter.
.Pp
.Nm
enters information into the environment (see
.Xr environ 7 )
specifying the user's home directory (HOME), command interpreter (SHELL),
search path (PATH), terminal type (TERM) and user name (both LOGNAME and
USER).
.Pp
The user's login experience can be customized using
login class capabilities as configured in
.Pa /etc/login.conf
and documented in
.Xr login.conf 5 .
.Pp
The standard shells,
.Xr csh 1
and
.Xr sh 1 ,
do not fork before executing the
.Nm
utility.
.Sh FILES
.Bl -tag -width /var/mail/userXXX -compact
.It Pa /etc/login.conf
login class capability database
.It Pa /etc/motd
message-of-the-day
.It Pa /etc/nologin
disallows non-superuser logins
.It Pa /var/run/utmp
list of current logins
.It Pa /var/log/lastlog
last login account records
.It Pa /var/log/wtmp
login account records
.It Pa /var/mail/user
system mailboxes
.It Pa \&.hushlogin
makes login quieter
.El
.Sh SEE ALSO
.Xr chpass 1 ,
.Xr newgrp 1 ,
.Xr passwd 1 ,
.Xr rlogin 1 ,
.Xr skey 1 ,
.Xr getpass 3 ,
.Xr ttyaction 3 ,
.Xr login.conf 5 ,
.Xr passwd.conf 5 ,
.Xr utmp 5 ,
.Xr environ 7 ,
.Xr kerberos 8 ,
.Xr pam 8
.Sh HISTORY
A
.Nm
appeared in
.At v6 .
.Sh TRADEMARKS AND PATENTS
.Tn S/Key
is a trademark of
.Tn Bellcore .