1 '\" te
2 .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
3 .\" Portions Copyright (c) 1982-2007 AT&T Knowledge Ventures
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH LOGIN 1 "Jan 7, 2008"
8 .SH NAME
9 login \- sign on to the system
10 .SH SYNOPSIS
11 .LP
12 .nf
13 \fBlogin\fR [\fB-p\fR] [\fB-d\fR \fIdevice\fR] [\fB-R\fR \fIrepository\fR] [\fB-s\fR \fIservice\fR]
14 [\fB-t\fR \fIterminal\fR] [\fB-u\fR \fIidentity\fR] [\fB-U\fR \fIruser\fR]
15 [\fB-h\fR \fIhostname\fR \fI[terminal]\fR | \fB-r\fR \fIhostname\fR]
16 [\fIname\fR [\fIenviron\fR]...]
17 .fi
18
19 .SH DESCRIPTION
20 .sp
21 .LP
22 The \fBlogin\fR command is used at the beginning of each terminal session to
23 identify oneself to the system. \fBlogin\fR is invoked by the system when a
24 connection is first established, after the previous user has terminated the
25 login shell by issuing the \fBexit\fR command.
26 .sp
27 .LP
28 If \fBlogin\fR is invoked as a command, it must replace the initial command
29 interpreter. To invoke \fBlogin\fR in this fashion, type:
30 .sp
31 .in +2
32 .nf
33 \fBexec login\fR
34 .fi
35 .in -2
36 .sp
37
38 .sp
39 .LP
40 from the initial shell. The C shell and Korn shell have their own built-ins of
183 There are two exceptions: The variables \fBPATH\fR and \fBSHELL\fR cannot be
184 changed. This prevents people logged into restricted shell environments from
185 spawning secondary shells that are not restricted. \fBlogin\fR understands
186 simple single-character quoting conventions. Typing a \fB\e\fR\| (backslash) in
187 front of a character quotes it and allows the inclusion of such characters as
188 spaces and tabs.
189 .sp
190 .LP
191 Alternatively, you can pass the current environment by supplying the \fB-p\fR
192 flag to \fBlogin\fR. This flag indicates that all currently defined environment
193 variables should be passed, if possible, to the new environment. This option
194 does not bypass any environment variable restrictions mentioned above.
195 Environment variables specified on the login line take precedence, if a
196 variable is passed by both methods.
197 .sp
198 .LP
199 To enable remote logins by root, edit the \fB/etc/default/login\fR file by
200 inserting a \fB#\fR (pound sign) before the \fBCONSOLE=/dev/console\fR entry.
201 See FILES.
202 .SH SECURITY
203 .sp
204 .LP
205 For accounts in name services which support automatic account locking, the
206 account can be configured to be automatically locked (see \fBuser_attr\fR(4)
207 and \fBpolicy.conf\fR(4)) if successive failed login attempts equals or exceeds
208 \fBRETRIES\fR. Currently, only the files repository (see \fBpasswd\fR(4) and
209 \fBshadow\fR(4)) supports automatic account locking. See also
210 \fBpam_unix_auth\fR(5).
211 .sp
212 .LP
213 The \fBlogin\fR command uses \fBpam\fR(3PAM) for authentication, account
214 management, session management, and password management. The \fBPAM\fR
215 configuration policy, listed through \fB/etc/pam.conf\fR, specifies the modules
216 to be used for \fBlogin\fR. Here is a partial \fBpam.conf\fR file with entries
217 for the \fBlogin\fR command using the UNIX authentication, account management,
218 and session management modules:
219 .sp
220 .in +2
221 .nf
222 login auth required pam_authtok_get.so.1
223 login auth required pam_dhkeys.so.1
237 .sp
238 .in +2
239 .nf
240 other password required pam_dhkeys.so.1
241 other password requisite pam_authtok_get.so.1
242 other password requisite pam_authtok_check.so.1
243 other password required pam_authtok_store.so.1
244 .fi
245 .in -2
246
247 .sp
248 .LP
249 If there are no entries for the service, then the entries for the \fBother\fR
250 service is used. If multiple authentication modules are listed, then the user
251 can be prompted for multiple passwords.
252 .sp
253 .LP
254 When \fBlogin\fR is invoked through \fBrlogind\fR or \fBtelnetd\fR, the service
255 name used by \fBPAM\fR is \fBrlogin\fR or \fBtelnet\fR, respectively.
256 .SH OPTIONS
257 .sp
258 .LP
259 The following options are supported:
260 .sp
261 .ne 2
262 .na
263 \fB\fB-d\fR \fIdevice\fR\fR
264 .ad
265 .RS 26n
266 \fBlogin\fR accepts a device option, \fIdevice\fR. \fIdevice\fR is taken to be
267 the path name of the \fBTTY\fR port \fBlogin\fR is to operate on. The use of
268 the device option can be expected to improve \fBlogin\fR performance, since
269 \fBlogin\fR does not need to call \fBttyname\fR(3C). The \fB-d\fR option is
270 available only to users whose \fBUID\fR and effective \fBUID\fR are root. Any
271 other attempt to use \fB-d\fR causes \fBlogin\fR to quietly exit.
272 .RE
273
274 .sp
275 .ne 2
276 .na
277 \fB\fB-h\fR \fIhostname\fR [\fIterminal\fR]\fR
334 authenticated. This usually is \fBnot\fR be the same as that user's Unix login
335 name. For Kerberized login sessions, this is the Kerberos principal name
336 associated with the user.
337 .RE
338
339 .sp
340 .ne 2
341 .na
342 \fB\fB-U\fR \fIruser\fR\fR
343 .ad
344 .RS 26n
345 Indicates the name of the person attempting to login on the remote side of the
346 rlogin connection. When \fBin.rlogind\fR(1M) is operating in Kerberized mode,
347 that daemon processes the terminal and remote user name information prior to
348 invoking \fBlogin\fR, so the "\fBruser\fR" data is indicated using this command
349 line parameter. Normally (non-Kerberos authenticated \fBrlogin\fR), the
350 \fBlogin\fR daemon reads the remote user information from the client.
351 .RE
352
353 .SH EXIT STATUS
354 .sp
355 .LP
356 The following exit values are returned:
357 .sp
358 .ne 2
359 .na
360 \fB\fB0\fR\fR
361 .ad
362 .RS 12n
363 Successful operation.
364 .RE
365
366 .sp
367 .ne 2
368 .na
369 \fBnon-zero\fR
370 .ad
371 .RS 12n
372 Error.
373 .RE
374
375 .SH FILES
376 .sp
377 .ne 2
378 .na
379 \fB\fB$HOME/.cshrc\fR\fR
380 .ad
381 .RS 23n
382 Initial commands for each \fBcsh\fR.
383 .RE
384
385 .sp
386 .ne 2
387 .na
388 \fB\fB$HOME/.hushlogin\fR\fR
389 .ad
390 .RS 23n
391 Suppresses login messages.
392 .RE
393
394 .sp
395 .ne 2
396 .na
504 .ne 2
505 .na
506 \fB\fB/etc/shadow\fR\fR
507 .ad
508 .RS 23n
509 List of users' encrypted passwords.
510 .RE
511
512 .sp
513 .ne 2
514 .na
515 \fB\fB/usr/bin/sh\fR\fR
516 .ad
517 .RS 23n
518 User's default command interpreter.
519 .RE
520
521 .sp
522 .ne 2
523 .na
524 \fB\fB/var/adm/lastlog\fR\fR
525 .ad
526 .RS 23n
527 Time of last login.
528 .RE
529
530 .sp
531 .ne 2
532 .na
533 \fB\fB/var/adm/loginlog\fR\fR
534 .ad
535 .RS 23n
536 Record of failed login attempts.
537 .RE
538
539 .sp
540 .ne 2
541 .na
542 \fB\fB/var/adm/utmpx\fR\fR
543 .ad
544 .RS 23n
717 locking (see \fBSECURITY\fR above), the account is locked and \fBlogin\fR
718 exits. If automatic locking has not been configured, \fBlogin\fR exits without
719 locking the account.
720 .RE
721
722 .sp
723 .ne 2
724 .na
725 \fB\fBSYSLOG_FAILED_LOGINS\fR\fR
726 .ad
727 .RS 24n
728 Used to determine how many failed login attempts are allowed by the system
729 before a failed login message is logged, using the \fBsyslog\fR(3C)
730 \fBLOG_NOTICE\fR facility. For example, if the variable is set to \fB0\fR,
731 \fBlogin\fR logs \fIall\fR failed login attempts.
732 .RE
733
734 .RE
735
736 .SH ATTRIBUTES
737 .sp
738 .LP
739 See \fBattributes\fR(5) for descriptions of the following attributes:
740 .sp
741
742 .sp
743 .TS
744 box;
745 c | c
746 l | l .
747 ATTRIBUTE TYPE ATTRIBUTE VALUE
748 _
749 Interface Stability Committed
750 .TE
751
752 .SH SEE ALSO
753 .sp
754 .LP
755 \fBcsh\fR(1), \fBexit\fR(1), \fBksh\fR(1), \fBksh93\fR(1), \fBmail\fR(1),
756 \fBmailx\fR(1), \fBnewgrp\fR(1), \fBpasswd\fR(1), \fBrlogin\fR(1),
757 \fBrsh\fR(1), \fBsh\fR(1), \fBshell_builtins\fR(1), \fBtelnet\fR(1),
758 \fBumask\fR(1), \fBin.rlogind\fR(1M), \fBin.telnetd\fR(1M), \fBlogins\fR(1M),
759 \fBquota\fR(1M), \fBsu\fR(1M), \fBsulogin\fR(1M), \fBsyslogd\fR(1M),
760 \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBpam\fR(3PAM), \fBrcmd\fR(3SOCKET),
761 \fBsyslog\fR(3C), \fBttyname\fR(3C), \fBauth_attr\fR(4), \fBexec_attr\fR(4),
762 \fBhosts.equiv\fR(4), \fBissue\fR(4), \fBlogindevperm\fR(4), \fBloginlog\fR(4),
763 \fBnologin\fR(4), \fBnsswitch.conf\fR(4), \fBpam.conf\fR(4), \fBpasswd\fR(4),
764 \fBpolicy.conf\fR(4), \fBprofile\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4),
765 \fButmpx\fR(4), \fBwtmpx\fR(4), \fBattributes\fR(5), \fBenviron\fR(5),
766 \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5),
767 \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5),
768 \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5),
769 \fBtermio\fR(7I)
770 .SH DIAGNOSTICS
771 .sp
772 .ne 2
773 .na
774 \fB\fBLogin incorrect\fR\fR
775 .ad
776 .sp .6
777 .RS 4n
778 The user name or the password cannot be matched.
779 .RE
780
781 .sp
782 .ne 2
783 .na
784 \fB\fBNot on system console\fR\fR
785 .ad
786 .sp .6
787 .RS 4n
788 Root login denied. Check the \fBCONSOLE\fR setting in \fB/etc/default/login\fR.
789 .RE
790
791 .sp
804 .na
805 \fB\fBNo shell\fR\fR
806 .ad
807 .sp .6
808 .RS 4n
809 Cannot execute the shell named in the \fBpasswd\fR(4) database. Contact your
810 system administrator.
811 .RE
812
813 .sp
814 .ne 2
815 .na
816 \fB\fBNO LOGINS: System going down in\fR \fIN\fR \fBminutes\fR\fR
817 .ad
818 .sp .6
819 .RS 4n
820 The machine is in the process of being shut down and logins have been disabled.
821 .RE
822
823 .SH WARNINGS
824 .sp
825 .LP
826 Users with a \fBUID\fR greater than 76695844 are not subject to password aging,
827 and the system does not record their last login time.
828 .sp
829 .LP
830 If you use the \fBCONSOLE\fR setting to disable root logins, you should arrange
831 that remote command execution by root is also disabled. See \fBrsh\fR(1),
832 \fBrcmd\fR(3SOCKET), and \fBhosts.equiv\fR(4) for further details.
833 .SH NOTES
834 .sp
835 .LP
836 The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is
837 provided by \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
838 \fBpam_unix_session\fR(5), \fBpam_authtok_check\fR(5),
839 \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), and
840 \fBpam_passwd_auth\fR(5).
|
1 '\" te
2 .\" Copyright (C) 2008, Sun Microsystems, Inc. All Rights Reserved
3 .\" Portions Copyright (c) 1982-2007 AT&T Knowledge Ventures
4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 .TH LOGIN 1 "Nov 9, 2015"
8 .SH NAME
9 login \- sign on to the system
10 .SH SYNOPSIS
11 .LP
12 .nf
13 \fBlogin\fR [\fB-p\fR] [\fB-d\fR \fIdevice\fR] [\fB-R\fR \fIrepository\fR] [\fB-s\fR \fIservice\fR]
14 [\fB-t\fR \fIterminal\fR] [\fB-u\fR \fIidentity\fR] [\fB-U\fR \fIruser\fR]
15 [\fB-h\fR \fIhostname\fR \fI[terminal]\fR | \fB-r\fR \fIhostname\fR]
16 [\fIname\fR [\fIenviron\fR]...]
17 .fi
18
19 .SH DESCRIPTION
20 .LP
21 The \fBlogin\fR command is used at the beginning of each terminal session to
22 identify oneself to the system. \fBlogin\fR is invoked by the system when a
23 connection is first established, after the previous user has terminated the
24 login shell by issuing the \fBexit\fR command.
25 .sp
26 .LP
27 If \fBlogin\fR is invoked as a command, it must replace the initial command
28 interpreter. To invoke \fBlogin\fR in this fashion, type:
29 .sp
30 .in +2
31 .nf
32 \fBexec login\fR
33 .fi
34 .in -2
35 .sp
36
37 .sp
38 .LP
39 from the initial shell. The C shell and Korn shell have their own built-ins of
182 There are two exceptions: The variables \fBPATH\fR and \fBSHELL\fR cannot be
183 changed. This prevents people logged into restricted shell environments from
184 spawning secondary shells that are not restricted. \fBlogin\fR understands
185 simple single-character quoting conventions. Typing a \fB\e\fR\| (backslash) in
186 front of a character quotes it and allows the inclusion of such characters as
187 spaces and tabs.
188 .sp
189 .LP
190 Alternatively, you can pass the current environment by supplying the \fB-p\fR
191 flag to \fBlogin\fR. This flag indicates that all currently defined environment
192 variables should be passed, if possible, to the new environment. This option
193 does not bypass any environment variable restrictions mentioned above.
194 Environment variables specified on the login line take precedence, if a
195 variable is passed by both methods.
196 .sp
197 .LP
198 To enable remote logins by root, edit the \fB/etc/default/login\fR file by
199 inserting a \fB#\fR (pound sign) before the \fBCONSOLE=/dev/console\fR entry.
200 See FILES.
201 .SH SECURITY
202 .LP
203 For accounts in name services which support automatic account locking, the
204 account can be configured to be automatically locked (see \fBuser_attr\fR(4)
205 and \fBpolicy.conf\fR(4)) if successive failed login attempts equals or exceeds
206 \fBRETRIES\fR. Currently, only the files repository (see \fBpasswd\fR(4) and
207 \fBshadow\fR(4)) supports automatic account locking. See also
208 \fBpam_unix_auth\fR(5).
209 .sp
210 .LP
211 The \fBlogin\fR command uses \fBpam\fR(3PAM) for authentication, account
212 management, session management, and password management. The \fBPAM\fR
213 configuration policy, listed through \fB/etc/pam.conf\fR, specifies the modules
214 to be used for \fBlogin\fR. Here is a partial \fBpam.conf\fR file with entries
215 for the \fBlogin\fR command using the UNIX authentication, account management,
216 and session management modules:
217 .sp
218 .in +2
219 .nf
220 login auth required pam_authtok_get.so.1
221 login auth required pam_dhkeys.so.1
235 .sp
236 .in +2
237 .nf
238 other password required pam_dhkeys.so.1
239 other password requisite pam_authtok_get.so.1
240 other password requisite pam_authtok_check.so.1
241 other password required pam_authtok_store.so.1
242 .fi
243 .in -2
244
245 .sp
246 .LP
247 If there are no entries for the service, then the entries for the \fBother\fR
248 service is used. If multiple authentication modules are listed, then the user
249 can be prompted for multiple passwords.
250 .sp
251 .LP
252 When \fBlogin\fR is invoked through \fBrlogind\fR or \fBtelnetd\fR, the service
253 name used by \fBPAM\fR is \fBrlogin\fR or \fBtelnet\fR, respectively.
254 .SH OPTIONS
255 .LP
256 The following options are supported:
257 .sp
258 .ne 2
259 .na
260 \fB\fB-d\fR \fIdevice\fR\fR
261 .ad
262 .RS 26n
263 \fBlogin\fR accepts a device option, \fIdevice\fR. \fIdevice\fR is taken to be
264 the path name of the \fBTTY\fR port \fBlogin\fR is to operate on. The use of
265 the device option can be expected to improve \fBlogin\fR performance, since
266 \fBlogin\fR does not need to call \fBttyname\fR(3C). The \fB-d\fR option is
267 available only to users whose \fBUID\fR and effective \fBUID\fR are root. Any
268 other attempt to use \fB-d\fR causes \fBlogin\fR to quietly exit.
269 .RE
270
271 .sp
272 .ne 2
273 .na
274 \fB\fB-h\fR \fIhostname\fR [\fIterminal\fR]\fR
331 authenticated. This usually is \fBnot\fR be the same as that user's Unix login
332 name. For Kerberized login sessions, this is the Kerberos principal name
333 associated with the user.
334 .RE
335
336 .sp
337 .ne 2
338 .na
339 \fB\fB-U\fR \fIruser\fR\fR
340 .ad
341 .RS 26n
342 Indicates the name of the person attempting to login on the remote side of the
343 rlogin connection. When \fBin.rlogind\fR(1M) is operating in Kerberized mode,
344 that daemon processes the terminal and remote user name information prior to
345 invoking \fBlogin\fR, so the "\fBruser\fR" data is indicated using this command
346 line parameter. Normally (non-Kerberos authenticated \fBrlogin\fR), the
347 \fBlogin\fR daemon reads the remote user information from the client.
348 .RE
349
350 .SH EXIT STATUS
351 .LP
352 The following exit values are returned:
353 .sp
354 .ne 2
355 .na
356 \fB\fB0\fR\fR
357 .ad
358 .RS 12n
359 Successful operation.
360 .RE
361
362 .sp
363 .ne 2
364 .na
365 \fBnon-zero\fR
366 .ad
367 .RS 12n
368 Error.
369 .RE
370
371 .SH FILES
372 .ne 2
373 .na
374 \fB\fB$HOME/.cshrc\fR\fR
375 .ad
376 .RS 23n
377 Initial commands for each \fBcsh\fR.
378 .RE
379
380 .sp
381 .ne 2
382 .na
383 \fB\fB$HOME/.hushlogin\fR\fR
384 .ad
385 .RS 23n
386 Suppresses login messages.
387 .RE
388
389 .sp
390 .ne 2
391 .na
499 .ne 2
500 .na
501 \fB\fB/etc/shadow\fR\fR
502 .ad
503 .RS 23n
504 List of users' encrypted passwords.
505 .RE
506
507 .sp
508 .ne 2
509 .na
510 \fB\fB/usr/bin/sh\fR\fR
511 .ad
512 .RS 23n
513 User's default command interpreter.
514 .RE
515
516 .sp
517 .ne 2
518 .na
519 \fB\fB/var/adm/lastlog.v2\fR\fR
520 .ad
521 .RS 23n
522 Time of last login.
523 .RE
524
525 .sp
526 .ne 2
527 .na
528 \fB\fB/var/adm/loginlog\fR\fR
529 .ad
530 .RS 23n
531 Record of failed login attempts.
532 .RE
533
534 .sp
535 .ne 2
536 .na
537 \fB\fB/var/adm/utmpx\fR\fR
538 .ad
539 .RS 23n
712 locking (see \fBSECURITY\fR above), the account is locked and \fBlogin\fR
713 exits. If automatic locking has not been configured, \fBlogin\fR exits without
714 locking the account.
715 .RE
716
717 .sp
718 .ne 2
719 .na
720 \fB\fBSYSLOG_FAILED_LOGINS\fR\fR
721 .ad
722 .RS 24n
723 Used to determine how many failed login attempts are allowed by the system
724 before a failed login message is logged, using the \fBsyslog\fR(3C)
725 \fBLOG_NOTICE\fR facility. For example, if the variable is set to \fB0\fR,
726 \fBlogin\fR logs \fIall\fR failed login attempts.
727 .RE
728
729 .RE
730
731 .SH ATTRIBUTES
732 .LP
733 See \fBattributes\fR(5) for descriptions of the following attributes:
734 .sp
735
736 .sp
737 .TS
738 box;
739 c | c
740 l | l .
741 ATTRIBUTE TYPE ATTRIBUTE VALUE
742 _
743 Interface Stability Committed
744 .TE
745
746 .SH SEE ALSO
747 .LP
748 \fBcsh\fR(1), \fBexit\fR(1), \fBksh\fR(1), \fBksh93\fR(1), \fBmail\fR(1),
749 \fBmailx\fR(1), \fBnewgrp\fR(1), \fBpasswd\fR(1), \fBrlogin\fR(1),
750 \fBrsh\fR(1), \fBsh\fR(1), \fBshell_builtins\fR(1), \fBtelnet\fR(1),
751 \fBumask\fR(1), \fBin.rlogind\fR(1M), \fBin.telnetd\fR(1M), \fBlogins\fR(1M),
752 \fBquota\fR(1M), \fBsu\fR(1M), \fBsulogin\fR(1M), \fBsyslogd\fR(1M),
753 \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBpam\fR(3PAM), \fBrcmd\fR(3SOCKET),
754 \fBsyslog\fR(3C), \fBttyname\fR(3C), \fBauth_attr\fR(4), \fBexec_attr\fR(4),
755 \fBhosts.equiv\fR(4), \fBissue\fR(4), \fBlogindevperm\fR(4), \fBloginlog\fR(4),
756 \fBnologin\fR(4), \fBnsswitch.conf\fR(4), \fBpam.conf\fR(4), \fBpasswd\fR(4),
757 \fBpolicy.conf\fR(4), \fBprofile\fR(4), \fBshadow\fR(4), \fBuser_attr\fR(4),
758 \fButmpx\fR(4), \fBwtmpx\fR(4), \fBattributes\fR(5), \fBenviron\fR(5),
759 \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5), \fBpam_unix_session\fR(5),
760 \fBpam_authtok_check\fR(5), \fBpam_authtok_get\fR(5),
761 \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), \fBpam_passwd_auth\fR(5),
762 \fBtermio\fR(7I)
763 .SH DIAGNOSTICS
764 .ne 2
765 .na
766 \fB\fBLogin incorrect\fR\fR
767 .ad
768 .sp .6
769 .RS 4n
770 The user name or the password cannot be matched.
771 .RE
772
773 .sp
774 .ne 2
775 .na
776 \fB\fBNot on system console\fR\fR
777 .ad
778 .sp .6
779 .RS 4n
780 Root login denied. Check the \fBCONSOLE\fR setting in \fB/etc/default/login\fR.
781 .RE
782
783 .sp
796 .na
797 \fB\fBNo shell\fR\fR
798 .ad
799 .sp .6
800 .RS 4n
801 Cannot execute the shell named in the \fBpasswd\fR(4) database. Contact your
802 system administrator.
803 .RE
804
805 .sp
806 .ne 2
807 .na
808 \fB\fBNO LOGINS: System going down in\fR \fIN\fR \fBminutes\fR\fR
809 .ad
810 .sp .6
811 .RS 4n
812 The machine is in the process of being shut down and logins have been disabled.
813 .RE
814
815 .SH WARNINGS
816 .LP
817 Users with a \fBUID\fR greater than 76695844 are not subject to password aging,
818 and the system does not record their last login time.
819 .sp
820 .LP
821 If you use the \fBCONSOLE\fR setting to disable root logins, you should arrange
822 that remote command execution by root is also disabled. See \fBrsh\fR(1),
823 \fBrcmd\fR(3SOCKET), and \fBhosts.equiv\fR(4) for further details.
824 .SH NOTES
825 .LP
826 The \fBpam_unix\fR(5) module is no longer supported. Similar functionality is
827 provided by \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
828 \fBpam_unix_session\fR(5), \fBpam_authtok_check\fR(5),
829 \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5), and
830 \fBpam_passwd_auth\fR(5).
|