login Command

Purpose

Initiates a user session.

Syntax

login [ -h HostName [ -p ] [ -f User ] ] [ User [ Environment ] ]

Description

The login command (part of the tsm command) initiates sessions on the system for the user specified by the User parameter. You can also specify environment variables to be added to the user's environment. These are strings of the form Variable=Value. The login command is not normally entered on the command line.

Notes:

1. The PATH, IFS, HOME, and SHELL environment variables may not be initialized from the command line.
2. The login command supports multibyte user names. It is recommended that the system administrator restrict the user names to characters within the portable character set to remove any ambiguity.

The login command performs the following functions:

Checks accounts
    The login command validates the user's account and ensures that it exists, that it is enabled for logins, and that it can be used from the port being used for the login.

Authenticates users
    The login command verifies the user's identity by using the system defined authentication methods for each user. If a password has expired, the user must supply a new password. If secondary authentication methods are defined, these are invoked but need not be successful in order to log in to the system.

Establishes credentials
    The login command establishes the initial credentials for the user from the user database. These credentials define the user's access rights and accountability on the system.

Initiates a session
    The login command initializes the user environment from the user database, from the command line, and from the /etc/environment configuration file; changes the current directory to the user's home directory (normally); and runs the user's initial program.

These functions are performed in the order given; if one fails, the functions that follow are not performed.

When a user logs in successfully, the login command makes entries in the /etc/utmp file (tracks current user logins) and the /var/adm/wtmp file (used for accounting purposes). The login command also sets the LOGIN and LOGNAME system-state environment variables.

Information pertaining to each unsuccessful login is recorded in the /etc/security/failedlogin file. The information stored is the same as that in the /etc/utmp file, except that unrecognizable user names will be logged as UNKNOWN_USER. This ensures that a password accidentally entered as a user name, for example, is not allowed into the system unencrypted.

After a successful login, the login command displays the message of the day, the date and time of the last successful and unsuccessful login attempts for this account, and the total number of unsuccessful login attempts for this account since the last successful login. These messages are suppressed if there is a .hushlogin file in your home directory.

The login command will also change the ownership of the login port to the user. This includes any ports noted as synonyms in the /etc/security/login.cfg file.

In order to preserve the integrity of the system, only one session at a time is allowed to be logged in to a port. This means that the login command entered from the shell prompt cannot succeed, as both the original session and the new login session would be on the same port. The exec login command could succeed, though, since a new shell replaces the current one. The login command is typically a built-in shell command, causing the shell to replace itself.

Note: Unless your terminal displays only uppercase letters, your user name should not consist of uppercase letters exclusively.

Flags

-f User
    Identifies a user who has already been authenticated. If the real ID of the login process is root (0), then the user is not authenticated.

-h HostName
    Identifies the login as a remote login and specifies with the HostName variable the name of the machine requesting the login. This form of the login is used only by the telnetd and rlogind daemon programs.

-p
    Preserves the current terminal type by setting it to the value of the $TERM environment variable instead of the type contained in the CuAt/PdAt database.

Security

Access Control: This program should be setuid to the root user, should grant executable (x) permission to any user, and is in the Trusted Computing Base.

Examples

To log in to the system as user jamesd, enter the following at the login prompt:

login: jamesd

If you have a password defined, the password prompt appears. Enter your password at this prompt.

Implementation Specifics

This command is part of Base Operating System (BOS) Runtime.

To log in with multibyte user names, you must first open a Japanese window (aixterm) and initiate a new login from the Japanese window.

Files

/usr/sbin/login              Contains the login command.
/etc/utmp                    Contains accounting information.
/var/adm/wtmp                Contains accounting information.
/etc/motd                    Contains the message of the day.
/etc/passwd                  Contains passwords.
$HOME/.hushlogin             Suppresses login messages.
/etc/environment             Contains user environment configuration information.
/etc/security/login.cfg      Contains port synonyms.
/etc/security/lastlog        Contains information pertaining to the most recent successful and unsuccessful login attempts.
/etc/security/failedlogin    Contains information pertaining to each unsuccessful login.

Related Information

The getty command, setgroups command, setsenv command, su command and tsm command.

The setuid subroutine.

The utmp, wtmp, failedlogin file format, lastlog file format.

How to Suppress Login Messages.

Shells Overview in AIX Version 3.2 System User's Guide: Base and Devices describes what shells are, the different types of shells, and how shells affect the way commands are interpreted.

Login and Logout Overview in AIX Version 3.2 System User's Guide: Base and Devices.
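
The access-control statement in the Security section (setuid to root, executable by any user) can be audited with a short script. This is an added example, not part of the original manual page; the function name check_login_perms, its optional expected-UID argument and the extra group/other write check are assumptions that go beyond what the page states.

```shell
#!/bin/sh
# check_login_perms PATH [EXPECTED_UID]   (hypothetical helper, added example)
# Prints one finding per line; returns 0 only when there are no findings.
check_login_perms() {
    path=$1
    want_uid=${2:-0}              # root (0) unless overridden, e.g. for testing
    bad=0

    if [ ! -f "$path" ]; then
        echo "MISSING: $path is not a regular file"
        return 2
    fi

    # -n prints the numeric owner; -L reports the target of a symbolic link.
    set -- $(ls -lnL "$path")
    mode=$1
    uid=$3
    suid=$(printf '%s' "$mode" | cut -c4)    # owner execute / setuid position
    gw=$(printf '%s' "$mode" | cut -c6)      # group write position
    ow=$(printf '%s' "$mode" | cut -c9)      # other write position
    ox=$(printf '%s' "$mode" | cut -c10)     # other execute position

    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER: uid $uid, expected $want_uid"
        bad=$((bad + 1))
    fi
    case $suid in
        s) ;;                                # setuid and owner-executable
        S) echo "SETUID: bit set but owner lacks execute permission"
           bad=$((bad + 1)) ;;
        *) echo "SETUID: bit not set"
           bad=$((bad + 1)) ;;
    esac
    case $ox in
        x|t) ;;
        *) echo "EXEC: not executable by other users"
           bad=$((bad + 1)) ;;
    esac
    # Assumption beyond the page: a setuid-root program in the Trusted
    # Computing Base should not be writable by group or other.
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITE: writable by group or other ($mode)"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Run against the path(s) given on the command line, e.g. /usr/sbin/login.
if [ "$#" -gt 0 ]; then check_login_perms "$@"; fi
```

A mode such as -r-sr-xr-x owned by UID 0 produces no findings; any output is a deviation from the stated access control.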