6057 login(1) "Last login" hostname is too short 6594 lastlog.h should be private Reviewed by: Dan McDonald <danmcd@omniti.com> Reviewed by: Gary Mills <gary_mills@fastmail.fm>
1 '\" te 2 .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved 3 .\" Portions Copyright (c) 1982-2007 AT&T Knowledge Ventures 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. 5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. 6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] 7 .TH LOGIN 1 "Jan 7, 2008" 8 .SH NAME 9 login \- sign on to the system 10 .SH SYNOPSIS 11 .LP 12 .nf 13 \fBlogin\fR [\fB-p\fR] [\fB-d\fR \fIdevice\fR] [\fB-R\fR \fIrepository\fR] [\fB-s\fR \fIservice\fR] 14 [\fB-t\fR \fIterminal\fR] [\fB-u\fR \fIidentity\fR] [\fB-U\fR \fIruser\fR] 15 [\fB-h\fR \fIhostname\fR \fI[terminal]\fR | \fB-r\fR \fIhostname\fR] 16 [\fIname\fR [\fIenviron\fR]...] 17 .fi 18 19 .SH DESCRIPTION 20 .sp 21 .LP 22 The \fBlogin\fR command is used at the beginning of each terminal session to 23 identify oneself to the system. \fBlogin\fR is invoked by the system when a 24 connection is first established, after the previous user has terminated the 25 login shell by issuing the \fBexit\fR command. 26 .sp 27 .LP 28 If \fBlogin\fR is invoked as a command, it must replace the initial command 29 interpreter. To invoke \fBlogin\fR in this fashion, type: 30 .sp 31 .in +2 32 .nf 33 \fBexec login\fR 34 .fi 35 .in -2 36 .sp 37 38 .sp 39 .LP 40 from the initial shell. The C shell and Korn shell have their own built-ins of 41 \fBlogin\fR. See \fBksh\fR(1), \fBksh93\fR(1), and \fBcsh\fR(1) for 42 descriptions of login built-ins and usage. 43 .sp 44 .LP 45 \fBlogin\fR asks for your user name, if it is not supplied as an argument, and 46 your password, if appropriate. Where possible, echoing is turned off while you 47 type your password, so it does not appear on the written record of the session. 48 .sp 49 .LP 50 If you make any mistake in the login procedure, the message: 51 .sp 52 .in +2 53 .nf 54 Login incorrect 55 .fi 56 .in -2 57 .sp 58 59 .sp 60 .LP 61 is printed and a new login prompt appears. If you make five incorrect login 62 attempts, all five can be logged in \fB/var/adm/loginlog\fR, if it exists. The 63 \fBTTY\fR line is dropped. 64 .sp 65 .LP 66 If password aging is turned on and the password has aged (see \fBpasswd\fR(1) 67 for more information), the user is forced to changed the password. In this case 68 the \fB/etc/nsswitch.conf\fR file is consulted to determine password 69 repositories (see \fBnsswitch.conf\fR(4)). The password update configurations 70 supported are limited to the following five cases. 71 .RS +4 72 .TP 73 .ie t \(bu 74 .el o 75 \fBpasswd: files\fR 76 .RE 77 .RS +4 78 .TP 79 .ie t \(bu 80 .el o 81 \fBpasswd: files nis\fR 82 .RE 83 .RS +4 84 .TP 85 .ie t \(bu 86 .el o 87 \fBpasswd: files nisplus\fR 88 .RE 89 .RS +4 90 .TP 91 .ie t \(bu 92 .el o 93 \fBpasswd: compat\fR (==> files nis) 94 .RE 95 .RS +4 96 .TP 97 .ie t \(bu 98 .el o 99 \fBpasswd: compat\fR (==> files nisplus) 100 .sp 101 \fBpasswd_compat: nisplus\fR 102 .RE 103 .sp 104 .LP 105 Failure to comply with the configurations prevents the user from logging onto 106 the system because \fBpasswd\fR(1) fails. If you do not complete the login 107 successfully within a certain period of time, it is likely that you are 108 silently disconnected. 109 .sp 110 .LP 111 After a successful login, accounting files are updated. Device owner, group, 112 and permissions are set according to the contents of the 113 \fB/etc/logindevperm\fR file, and the time you last logged in is printed (see 114 \fBlogindevperm\fR(4)). 115 .sp 116 .LP 117 The user-ID, group-ID, supplementary group list, and working directory are 118 initialized, and the command interpreter (usually \fBksh\fR) is started. 119 .sp 120 .LP 121 The basic \fIenvironment\fR is initialized to: 122 .sp 123 .in +2 124 .nf 125 HOME=\fIyour-login-directory\fR 126 LOGNAME=\fIyour-login-name\fR 127 PATH=/usr/bin: 128 SHELL=\fIlast-field-of-passwd-entry\fR 129 MAIL=/var/mail/ 130 TZ=\fItimezone-specification\fR 131 .fi 132 .in -2 133 134 .sp 135 .LP 136 For Bourne shell and Korn shell logins, the shell executes \fB/etc/profile\fR 137 and \fB$HOME/.profile\fR, if it exists. 138 .sp 139 .LP 140 For the \fBksh93\fR Korn shell, an interactive shell then executes 141 \fB/etc/ksh.kshrc\fR, followed by the file specified by the \fBENV\fR 142 environment variable. If \fB$ENV\fR is not set, this defaults to 143 \fB$HOME/.kshrc\fR. For the \fBksh\fR and \fB/usr/xpg4/bin/sh\fR Korn Shell, an 144 interactive shell executes the file named by \fB$ENV\fR (no default). 145 .sp 146 .LP 147 For C shell logins, the shell executes \fB/etc/.login\fR, \fB$HOME/.cshrc\fR, 148 and \fB$HOME/.login\fR. The default \fB/etc/profile\fR and \fB/etc/.login\fR 149 files check quotas (see \fBquota\fR(1M)), print \fB/etc/motd\fR, and check for 150 mail. None of the messages are printed if the file \fB$HOME/.hushlogin\fR 151 exists. The name of the command interpreter is set to \fB\(mi\fR (dash), 152 followed by the last component of the interpreter's path name, for example, 153 \fB\(mish\fR\&. 154 .sp 155 .LP 156 If the \fIlogin-shell\fR field in the password file (see \fBpasswd\fR(4)) is 157 empty, then the default command interpreter, \fB/usr/bin/sh\fR, is used. If 158 this field is * (asterisk), then the named directory becomes the root 159 directory. At that point, \fBlogin\fR is re-executed at the new level, which 160 must have its own root structure. 161 .sp 162 .LP 163 The environment can be expanded or modified by supplying additional arguments 164 to \fBlogin\fR, either at execution time or when \fBlogin\fR requests your 165 login name. The arguments can take either the form \fIxxx\fR or \fIxxx=yyy\fR. 166 Arguments without an \fB=\fR (equal sign) are placed in the environment as: 167 .sp 168 .in +2 169 .nf 170 L\fIn=xxx\fR 171 .fi 172 .in -2 173 .sp 174 175 .sp 176 .LP 177 where \fIn\fR is a number starting at \fB0\fR and is incremented each time a 178 new variable name is required. Variables containing an \fB=\fR (equal sign) are 179 placed in the environment without modification. If they already appear in the 180 environment, then they replace the older values. 181 .sp 182 .LP 183 There are two exceptions: The variables \fBPATH\fR and \fBSHELL\fR cannot be 184 changed. This prevents people logged into restricted shell environments from 185 spawning secondary shells that are not restricted. \fBlogin\fR understands 186 simple single-character quoting conventions. Typing a \fB\e\fR\| (backslash) in 187 front of a character quotes it and allows the inclusion of such characters as 188 spaces and tabs. 189 .sp 190 .LP 191 Alternatively, you can pass the current environment by supplying the \fB-p\fR 192 flag to \fBlogin\fR. This flag indicates that all currently defined environment 193 variables should be passed, if possible, to the new environment. This option 194 does not bypass any environment variable restrictions mentioned above. 195 Environment variables specified on the login line take precedence, if a 196 variable is passed by both methods. 197 .sp 198 .LP 199 To enable remote logins by root, edit the \fB/etc/default/login\fR file by 200 inserting a \fB#\fR (pound sign) before the \fBCONSOLE=/dev/console\fR entry. 201 See FILES. 202 .SH SECURITY 203 .sp 204 .LP 205 For accounts in name services which support automatic account locking, the 206 account can be configured to be automatically locked (see \fBuser_attr\fR(4) 207 and \fBpolicy.conf\fR(4)) if successive failed login attempts equals or exceeds 208 \fBRETRIES\fR. Currently, only the files repository (see \fBpasswd\fR(4) and 209 \fBshadow\fR(4)) supports automatic account locking. See also 210 \fBpam_unix_auth\fR(5). 211 .sp 212 .LP 213 The \fBlogin\fR command uses \fBpam\fR(3PAM) for authentication, account 214 management, session management, and password management. The \fBPAM\fR 215 configuration policy, listed through \fB/etc/pam.conf\fR, specifies the modules 216 to be used for \fBlogin\fR. Here is a partial \fBpam.conf\fR file with entries 217 for the \fBlogin\fR command using the UNIX authentication, account management, 218 and session management modules: 219 .sp 220 .in +2 221 .nf 222 login auth required pam_authtok_get.so.1 223 login auth required pam_dhkeys.so.1 224 login auth required pam_unix_auth.so.1 225 login auth required pam_dial_auth.so.1 226 227 login account requisite pam_roles.so.1 228 login account required pam_unix_account.so.1 229 230 login session required pam_unix_session.so.1 231 .fi 232 .in -2 233 234 .sp 235 .LP 236 The Password Management stack looks like the following: 237 .sp 238 .in +2 239 .nf 240 other password required pam_dhkeys.so.1 241 other password requisite pam_authtok_get.so.1 242 other password requisite pam_authtok_check.so.1 243 other password required pam_authtok_store.so.1 244 .fi 245 .in -2 246 247 .sp 248 .LP 249 If there are no entries for the service, then the entries for the \fBother\fR 250 service is used. If multiple authentication modules are listed, then the user 251 can be prompted for multiple passwords. 252 .sp 253 .LP 254 When \fBlogin\fR is invoked through \fBrlogind\fR or \fBtelnetd\fR, the service 255 name used by \fBPAM\fR is \fBrlogin\fR or \fBtelnet\fR, respectively. 256 .SH OPTIONS 257 .sp 258 .LP 259 The following options are supported: 260 .sp 261 .ne 2 262 .na 263 \fB\fB-d\fR \fIdevice\fR\fR 264 .ad 265 .RS 26n 266 \fBlogin\fR accepts a device option, \fIdevice\fR. \fIdevice\fR is taken to be 267 the path name of the \fBTTY\fR port \fBlogin\fR is to operate on. The use of 268 the device option can be expected to improve \fBlogin\fR performance, since 269 \fBlogin\fR does not need to call \fBttyname\fR(3C). The \fB-d\fR option is 270 available only to users whose \fBUID\fR and effective \fBUID\fR are root. Any 271 other attempt to use \fB-d\fR causes \fBlogin\fR to quietly exit. 272 .RE 273 274 .sp 275 .ne 2 276 .na 277 \fB\fB-h\fR \fIhostname\fR [\fIterminal\fR]\fR 278 .ad 279 .RS 26n 280 Used by \fBin.telnetd\fR(1M) to pass information about the remote host and 281 terminal type. 282 .sp 283 Terminal type as a second argument to the \fB-h\fR option should not start with 284 a hyphen (\fB-\fR). 285 .RE 286 287 .sp 288 .ne 2 289 .na 290 \fB\fB-p\fR\fR 291 .ad 292 .RS 26n 293 Used to pass environment variables to the login shell. 294 .RE 295 296 .sp 297 .ne 2 298 .na 299 \fB\fB-r\fR \fIhostname\fR\fR 300 .ad 301 .RS 26n 302 Used by \fBin.rlogind\fR(1M) to pass information about the remote host. 303 .RE 304 305 .sp 306 .ne 2 307 .na 308 \fB\fB-R\fR \fIrepository\fR\fR 309 .ad 310 .RS 26n 311 Used to specify the \fBPAM\fR repository that should be used to tell \fBPAM\fR 312 about the "\fBidentity\fR" (see option \fB-u\fR below). If no "\fBidentity\fR" 313 information is passed, the repository is not used. 314 .RE 315 316 .sp 317 .ne 2 318 .na 319 \fB\fB-s\fR \fIservice\fR\fR 320 .ad 321 .RS 26n 322 Indicates the \fBPAM\fR service name that should be used. Normally, this 323 argument is not necessary and is used only for specifying alternative \fBPAM\fR 324 service names. For example: "\fBktelnet\fR" for the Kerberized telnet process. 325 .RE 326 327 .sp 328 .ne 2 329 .na 330 \fB\fB-u\fR \fIidentity\fR\fR 331 .ad 332 .RS 26n 333 Specifies the "\fBidentity\fR" string associated with the user who is being 334 authenticated. This usually is \fBnot\fR be the same as that user's Unix login 335 name. For Kerberized login sessions, this is the Kerberos principal name 336 associated with the user. 337 .RE 338 339 .sp 340 .ne 2 341 .na 342 \fB\fB-U\fR \fIruser\fR\fR 343 .ad 344 .RS 26n 345 Indicates the name of the person attempting to login on the remote side of the 346 rlogin connection. When \fBin.rlogind\fR(1M) is operating in Kerberized mode, 347 that daemon processes the terminal and remote user name information prior to 348 invoking \fBlogin\fR, so the "\fBruser\fR" data is indicated using this command 349 line parameter. Normally (non-Kerberos authenticated \fBrlogin\fR), the 350 \fBlogin\fR daemon reads the remote user information from the client. 351 .RE 352 353 .SH EXIT STATUS 354 .sp 355 .LP 356 The following exit values are returned: 357 .sp 358 .ne 2 359 .na 360 \fB\fB0\fR\fR 361 .ad 362 .RS 12n 363 Successful operation. 364 .RE 365 366 .sp 367 .ne 2 368 .na 369 \fBnon-zero\fR 370 .ad 371 .RS 12n 372 Error. 373 .RE 374 375 .SH FILES 376 .sp 377 .ne 2 378 .na 379 \fB\fB$HOME/.cshrc\fR\fR 380 .ad 381 .RS 23n 382 Initial commands for each \fBcsh\fR. 383 .RE 384 385 .sp 386 .ne 2 387 .na 388 \fB\fB$HOME/.hushlogin\fR\fR 389 .ad 390 .RS 23n 391 Suppresses login messages. 392 .RE 393 394 .sp 395 .ne 2 396 .na 397 \fB\fB$HOME/.kshrc\fR\fR 398 .ad 399 .RS 23n 400 User's commands for interactive \fBksh93\fR, if \fB$ENV\fR is unset; executes 401 after \fB/etc/ksh.kshrc\fR. 402 .RE 403 404 .sp 405 .ne 2 406 .na 407 \fB\fB$HOME/.login\fR\fR 408 .ad 409 .RS 23n 410 User's login commands for \fBcsh\fR. 411 .RE 412 413 .sp 414 .ne 2 415 .na 416 \fB\fB$HOME/.profile\fR\fR 417 .ad 418 .RS 23n 419 User's login commands for \fBsh\fR, \fBksh\fR, and \fBksh93\fR. 420 .RE 421 422 .sp 423 .ne 2 424 .na 425 \fB\fB$HOME/.rhosts\fR\fR 426 .ad 427 .RS 23n 428 Private list of trusted hostname/username combinations. 429 .RE 430 431 .sp 432 .ne 2 433 .na 434 \fB\fB/etc/.login\fR\fR 435 .ad 436 .RS 23n 437 System-wide \fBcsh\fR login commands. 438 .RE 439 440 .sp 441 .ne 2 442 .na 443 \fB\fB/etc/issue\fR\fR 444 .ad 445 .RS 23n 446 Issue or project identification. 447 .RE 448 449 .sp 450 .ne 2 451 .na 452 \fB\fB/etc/ksh.kshrc\fR\fR 453 .ad 454 .RS 23n 455 System-wide commands for interactive \fBksh93\fR. 456 .RE 457 458 .sp 459 .ne 2 460 .na 461 \fB\fB/etc/logindevperm\fR\fR 462 .ad 463 .RS 23n 464 Login-based device permissions. 465 .RE 466 467 .sp 468 .ne 2 469 .na 470 \fB\fB/etc/motd\fR\fR 471 .ad 472 .RS 23n 473 Message-of-the-day. 474 .RE 475 476 .sp 477 .ne 2 478 .na 479 \fB\fB/etc/nologin\fR\fR 480 .ad 481 .RS 23n 482 Message displayed to users attempting to login during machine shutdown. 483 .RE 484 485 .sp 486 .ne 2 487 .na 488 \fB\fB/etc/passwd\fR\fR 489 .ad 490 .RS 23n 491 Password file. 492 .RE 493 494 .sp 495 .ne 2 496 .na 497 \fB\fB/etc/profile\fR\fR 498 .ad 499 .RS 23n 500 System-wide \fBsh\fR, \fBksh\fR, and \fBksh93\fR login commands. 501 .RE 502 503 .sp 504 .ne 2 505 .na 506 \fB\fB/etc/shadow\fR\fR 507 .ad 508 .RS 23n 509 List of users' encrypted passwords. 510 .RE 511 512 .sp 513 .ne 2 514 .na 515 \fB\fB/usr/bin/sh\fR\fR 516 .ad 517 .RS 23n 518 User's default command interpreter. 519 .RE 520 521 .sp 522 .ne 2 523 .na 524 \fB\fB/var/adm/lastlog\fR\fR 525 .ad 526 .RS 23n 527 Time of last login. 528 .RE 529 530 .sp 531 .ne 2 532 .na 533 \fB\fB/var/adm/loginlog\fR\fR 534 .ad 535 .RS 23n 536 Record of failed login attempts. 537 .RE 538 539 .sp 540 .ne 2 541 .na 542 \fB\fB/var/adm/utmpx\fR\fR 543 .ad 544 .RS 23n 545 Accounting. 546 .RE 547 548 .sp 549 .ne 2 550 .na 551 \fB\fB/var/adm/wtmpx\fR\fR 552 .ad 553 .RS 23n 554 Accounting. 555 .RE 556 557 .sp 558 .ne 2 559 .na 560 \fB\fB/var/mail/\fR\fIyour-name\fR\fR 561 .ad 562 .RS 23n 563 Mailbox for user \fIyour-name\fR. 564 .RE 565 566 .sp 567 .ne 2 568 .na 569 \fB\fB/etc/default/login\fR\fR 570 .ad 571 .RS 23n 572 Default value can be set for the following flags in \fB/etc/default/login\fR. 573 Default values are specified as comments in the \fB/etc/default/login\fR file, 574 for example, \fBTIMEZONE=EST5EDT\fR. 575 .sp 576 .ne 2 577 .na 578 \fB\fBTIMEZONE\fR\fR 579 .ad 580 .RS 24n 581 Sets the \fBTZ\fR environment variable of the shell (see \fBenviron\fR(5)). 582 .RE 583 584 .sp 585 .ne 2 586 .na 587 \fB\fBHZ\fR\fR 588 .ad 589 .RS 24n 590 Sets the \fBHZ\fR environment variable of the shell. 591 .RE 592 593 .sp 594 .ne 2 595 .na 596 \fB\fBULIMIT\fR\fR 597 .ad 598 .RS 24n 599 Sets the file size limit for the login. Units are disk blocks. Default is zero 600 (no limit). 601 .RE 602 603 .sp 604 .ne 2 605 .na 606 \fB\fBCONSOLE\fR\fR 607 .ad 608 .RS 24n 609 If set, root can login on that device only. This does not prevent execution of 610 remote commands with \fBrsh\fR(1). Comment out this line to allow login by 611 root. 612 .RE 613 614 .sp 615 .ne 2 616 .na 617 \fB\fBPASSREQ\fR\fR 618 .ad 619 .RS 24n 620 Determines if login requires a non-null password. 621 .RE 622 623 .sp 624 .ne 2 625 .na 626 \fB\fBALTSHELL\fR\fR 627 .ad 628 .RS 24n 629 Determines if login should set the \fBSHELL\fR environment variable. 630 .RE 631 632 .sp 633 .ne 2 634 .na 635 \fB\fBPATH\fR\fR 636 .ad 637 .RS 24n 638 Sets the initial shell \fBPATH\fR variable. 639 .RE 640 641 .sp 642 .ne 2 643 .na 644 \fB\fBSUPATH\fR\fR 645 .ad 646 .RS 24n 647 Sets the initial shell \fBPATH\fR variable for root. 648 .RE 649 650 .sp 651 .ne 2 652 .na 653 \fB\fBTIMEOUT\fR\fR 654 .ad 655 .RS 24n 656 Sets the number of seconds (between \fB0\fR and \fB900\fR) to wait before 657 abandoning a login session. 658 .RE 659 660 .sp 661 .ne 2 662 .na 663 \fB\fBUMASK\fR\fR 664 .ad 665 .RS 24n 666 Sets the initial shell file creation mode mask. See \fBumask\fR(1). 667 .RE 668 669 .sp 670 .ne 2 671 .na 672 \fB\fBSYSLOG\fR\fR 673 .ad 674 .RS 24n 675 Determines whether the \fBsyslog\fR(3C) \fBLOG_AUTH\fR facility should be used 676 to log all root logins at level \fBLOG_NOTICE\fR and multiple failed login 677 attempts at\fBLOG_CRIT\fR. 678 .RE 679 680 .sp 681 .ne 2 682 .na 683 \fB\fBDISABLETIME\fR\fR 684 .ad 685 .RS 24n 686 If present, and greater than zero, the number of seconds that \fBlogin\fR waits 687 after \fBRETRIES\fR failed attempts or the \fBPAM \fRframework returns 688 \fBPAM_ABORT\fR. Default is \fB20\fR seconds. Minimum is \fB0\fR seconds. No 689 maximum is imposed. 690 .RE 691 692 .sp 693 .ne 2 694 .na 695 \fB\fBSLEEPTIME\fR\fR 696 .ad 697 .RS 24n 698 If present, sets the number of seconds to wait before the login failure message 699 is printed to the screen. This is for any login failure other than 700 \fBPAM_ABORT\fR. Another login attempt is allowed, providing \fBRETRIES\fR has 701 not been reached or the \fBPAM\fR framework is returned \fBPAM_MAXTRIES\fR. 702 Default is \fB4\fR seconds. Minimum is \fB0\fR seconds. Maximum is \fB5\fR 703 seconds. 704 .sp 705 Both \fBsu\fR(1M) and \fBsulogin\fR(1M) are affected by the value of 706 \fBSLEEPTIME\fR. 707 .RE 708 709 .sp 710 .ne 2 711 .na 712 \fB\fBRETRIES\fR\fR 713 .ad 714 .RS 24n 715 Sets the number of retries for logging in (see \fBpam\fR(3PAM)). The default is 716 5. The maximum number of retries is 15. For accounts configured with automatic 717 locking (see \fBSECURITY\fR above), the account is locked and \fBlogin\fR 718 exits. If automatic locking has not been configured, \fBlogin\fR exits without 719 locking the account. 720 .RE 721 722 .sp 723 .ne 2 724 .na 725 \fB\fBSYSLOG_FAILED_LOGINS\fR\fR 726 .ad 727 .RS 24n 728 Used to determine how many failed login attempts are allowed by the system 729 before a failed login message is logged, using the \fBsyslog\fR(3C) 730 \fBLOG_NOTICE\fR facility. For example, if the variable is set to \fB0\fR, 731 \fBlogin\fR logs \fIall\fR failed login attempts. 732 .RE 733 734 .RE 735 736 .SH ATTRIBUTES 737 .sp 738 .LP 739 See \fBattributes\fR(5) for descriptions of the following attributes: 740 .sp 741 742 .sp 743 .TS 744 box; 745 c | c 746 l | l . 747 ATTRIBUTE TYPE ATTRIBUTE VALUE 748 _ 749 Interface Stability Committed 750 .TE 751 752 .SH SEE ALSO 753 .sp 754 .LP 755 \fBcsh\fR(1), \fBexit\fR(1), \fBksh\fR(1), \fBksh93\fR(1), \fBmail\fR(1), 756 \fBmailx\fR(1), \fBnewgrp\fR(1), \fBpasswd\fR(1), \fBrlogin\fR(1), 757 \fBrsh\fR(1), \fBsh\fR(1), \fBshell_builtins\fR(1), \fBtelnet\fR(1), 758 \fBumask\fR(1), \fBin.rlogind\fR(1M), \fBin.telnetd\fR(1M), \fBlogins\fR(1M), 759 \fBquota\fR(1M), \fBsu\fR(1M), \fBsulogin\fR(1M), \fBsyslogd\fR(1M), 760 \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBpam\fR(3PAM), \fBrcmd\fR(3SOCKET), 761 \fBsyslog\fR(3C), \fBttyname\fR(3C), \fBauth_attr\fR(4), \fBexec_attr\fR(4), 762 \fBhosts.equiv\fR(4), \fBissue\fR(4), \fBlogindevperm\fR(4), \fBloginlog\fR(4), 763 \fBnologin\fR(4), \fBnsswitch.conf\fR(4), \fBpam.conf\fR(4), \fBpasswd\fR(4), 764 \fBpolicy.conf\fR(4), \fBprofile\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4), 765 \fButmpx\fR(4), \fBwtmpx\fR(4), \fBattributes\fR(5), \fBenviron\fR(5), 766 \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5), 767 \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5), 768 \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5), 769 \fBtermio\fR(7I) 770 .SH DIAGNOSTICS 771 .sp 772 .ne 2 773 .na 774 \fB\fBLogin incorrect\fR\fR 775 .ad 776 .sp .6 777 .RS 4n 778 The user name or the password cannot be matched. 779 .RE 780 781 .sp 782 .ne 2 783 .na 784 \fB\fBNot on system console\fR\fR 785 .ad 786 .sp .6 787 .RS 4n 788 Root login denied. Check the \fBCONSOLE\fR setting in \fB/etc/default/login\fR. 789 .RE 790 791 .sp 792 .ne 2 793 .na 794 \fB\fBNo directory! Logging in with home=/\fR\fR 795 .ad 796 .sp .6 797 .RS 4n 798 The user's home directory named in the \fBpasswd\fR(4) database cannot be found 799 or has the wrong permissions. Contact your system administrator. 800 .RE 801 802 .sp 803 .ne 2 804 .na 805 \fB\fBNo shell\fR\fR 806 .ad 807 .sp .6 808 .RS 4n 809 Cannot execute the shell named in the \fBpasswd\fR(4) database. Contact your 810 system administrator. 811 .RE 812 813 .sp 814 .ne 2 815 .na 816 \fB\fBNO LOGINS: System going down in\fR \fIN\fR \fBminutes\fR\fR 817 .ad 818 .sp .6 819 .RS 4n 820 The machine is in the process of being shut down and logins have been disabled. 821 .RE 822 823 .SH WARNINGS 824 .sp 825 .LP 826 Users with a \fBUID\fR greater than 76695844 are not subject to password aging, 827 and the system does not record their last login time. 828 .sp 829 .LP 830 If you use the \fBCONSOLE\fR setting to disable root logins, you should arrange 831 that remote command execution by root is also disabled. See \fBrsh\fR(1), 832 \fBrcmd\fR(3SOCKET), and \fBhosts.equiv\fR(4) for further details. 833 .SH NOTES 834 .sp 835 .LP 836 The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is 837 provided by \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), 838 \fBpam_unix_session\fR(5), \fBpam_authtok_check\fR(5), 839 \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), and 840 \fBpam_passwd_auth\fR(5). --- EOF ---