Updated: 2022/Sep/29

Please read Privacy Policy. It's for your privacy.

LOGIN(1)                    General Commands Manual                   LOGIN(1)

     login - authenticate users and set up their session environment

     login [-Ffps] [-a address] [-h hostname] [user]

     The login utility logs users (and pseudo-users) into the computer system.

     If no user is specified, or if a user is specified and authentication of
     the user fails, login prompts for a user name.  Authentication of users
     is done via passwords.  If the user can be authenticated via S/Key, then
     the S/Key challenge is incorporated in the password prompt.  The user
     then has the option of entering their Kerberos or normal password or the
     S/Key response.  Neither will be echoed.

     The options are as follows:

     -a      The -a option specifies the address of the host from which the
             connection was received.  It is used by various daemons such as
             telnetd(8).  This option may only be used by the super-user.

     -F      The -F option acts like the -f option, but also indicates to
             login that it should attempt to rewrite an existing Kerberos 5
             credentials cache (specified by the KRB5CCNAME environment
             variable) after dropping permissions to the user logging in.
             This flag is not supported under pam(8).

     -f      The -f option is used when a user name is specified to indicate
             that proper authentication has already been done and that no
             password need be requested.  This option may only be used by the
             super-user or when an already logged in user is logging in as

     -h      The -h option specifies the host from which the connection was
             received.  It is used by various daemons such as telnetd(8).
             This option may only be used by the super-user.

     -p      By default, login discards any previous environment.  The -p
             option disables this behavior.

     -s      Require a secure authentication mechanism like Kerberos or S/Key
             to be used.  This flag is not supported under pam(8).

     If a user other than the superuser attempts to login while the file
     /etc/nologin exists, login displays its contents to the user and exits.
     This is used by shutdown(8) to prevent normal users from logging in when
     the system is about to go down.

     Immediately after logging a user in, login displays the system copyright
     notice, the date and time the user last logged in, the message of the day
     as well as other information.  If the file ".hushlogin" exists in the
     user's home directory, all of these messages are suppressed.  This is to
     simplify logins for non-human users.  login then records an entry in the
     wtmp(5) and utmp(5) files, executes site-specific login commands via the
     ttyaction(3) facility with an action of "login", and executes the user's
     command interpreter.

     login enters information into the environment (see environ(7)) specifying
     the user's home directory (HOME), command interpreter (SHELL), search
     path (PATH), terminal type (TERM) and user name (both LOGNAME and USER).

     The user's login experience can be customized using login class
     capabilities as configured in /etc/login.conf and documented in

     The standard shells, csh(1) and sh(1), do not fork before executing the
     login utility.

     /etc/login.conf    login class capability database
     /etc/motd          message-of-the-day
     /etc/nologin       disallows non-superuser logins
     /var/run/utmp      list of current logins
     /var/log/lastlog   last login account records
     /var/log/wtmp      login account records
     /var/mail/user     system mailboxes
     .hushlogin         makes login quieter

     chpass(1), newgrp(1), passwd(1), rlogin(1), skey(1), getpass(3),
     ttyaction(3), login.conf(5), passwd.conf(5), utmp(5), environ(7),
     kerberos(8), pam(8)

     A login appeared in Version 6 AT&T UNIX.

     S/Key is a trademark of Bellcore.

NetBSD 10.99                   November 19, 2008                  NetBSD 10.99