path: root/crypto/heimdal/appl/login/login.1
Diffstat (limited to 'crypto/heimdal/appl/login/login.1')
-rw-r--r--  crypto/heimdal/appl/login/login.1  253
1 files changed, 0 insertions, 253 deletions
diff --git a/crypto/heimdal/appl/login/login.1 b/crypto/heimdal/appl/login/login.1
deleted file mode 100644
index 1ae4f3e..0000000
--- a/crypto/heimdal/appl/login/login.1
+++ /dev/null
@@ -1,253 +0,0 @@
-.\" $Id: login.1 14891 2005-04-22 15:49:25Z joda $
-.\"
-.Dd April 22, 2005
-.Dt LOGIN 1
-.Os HEIMDAL
-.Sh NAME
-.Nm login
-.Nd
-authenticate a user and start new session
-.Sh SYNOPSIS
-.Nm
-.Op Fl fp
-.Op Fl a Ar level
-.Op Fl h Ar hostname
-.Ar [username]
-.Sh DESCRIPTION
-This manual page documents the
-.Nm login
-program distributed with the Heimdal Kerberos 5 implementation, it may
-differ in important ways from your system version.
-.Pp
-The
-.Nm login
-programs logs users into the system. It is intended to be run by
-system daemons like
-.Xr getty 8
-or
-.Xr telnetd 8 .
-If you are already logged in, but want to change to another user, you
-should use
-.Xr su 1 .
-.Pp
-A username can be given on the command line, else one will be prompted
-for.
-.Pp
-A password is required to login, unless the
-.Fl f
-option is given (indicating that the calling program has already done
-proper authentication). With
-.Fl f
-the user will be logged in without further questions.
-.Pp
-For password authentication Kerberos 5, Kerberos 4 (if compiled in),
-OTP (if compiled in) and local
-.No ( Pa /etc/passwd )
-passwords are supported. OTP will be used if the the user is
-registered to use it, and
-.Nm login
-is given the option
-.Fl a Li otp .
-When using OTP, a challenge is shown to the user.
-.Pp
-Further options are:
-.Bl -tag -width Ds
-.It Fl a Ar string
-Which authentication mode to use, the only supported value is
-currently
-.Dq otp .
-.It Fl f
-Indicates that the user is already authenticated. This happens, for
-instance, when login is started by telnetd, and the user has proved
-authentic via Kerberos.
-.It Fl h Ar hostname
-Indicates which host the user is logging in from. This is passed from
-telnetd, and is entered into the login database.
-.It Fl p
-This tells
-.Nm login
-to preserve all environment variables. If not given, only the
-.Dv TERM
-and
-.Dv TZ
-variables are preserved. It could be a security risk to pass random
-variables to
-.Nm login
-or the user shell, so the calling daemon should make sure it only
-passes
-.Dq safe
-variables.
-.El
-.Pp
-The process of logging user in proceeds as follows.
-.Pp
-First a check is made that logins are allowed at all. This usually
-means checking
-.Pa /etc/nologin .
-If it exists, and the user trying to login is not root, the contents
-is printed, and then login exits.
-.Pp
-Then various system parameters are set up, like changing the owner of
-the tty to the user, setting up signals, setting the group list, and
-user and group id. Also various machine specific tasks are performed.
-.Pp
-Next
-.Nm login
-changes to the users home directory, or if that fails, to
-.Pa / .
-The environment is setup, by adding some required variables (such as
-.Dv PATH ) ,
-and also authentication related ones (such as
-.Dv KRB5CCNAME ) .
-If an environment file exists
-.No ( Pa /etc/environment ) ,
-variables are set according to
-it.
-.Pp
-If one or more login message files are configured, their contents is
-printed to the terminal.
-.Pp
-If a login time command is configured, it is executed. A logout time
-command can also be configured, which makes
-.Nm login
-fork, and wait for the user shell to exit, and then run the command.
-This can be used to clean up user credentials.
-.Pp
-Finally, the user's shell is executed. If the user logging in is root,
-and root's login shell does not exist, a default shell (usually
-.Pa /bin/sh )
-is also tried before giving up.
-.Sh ENVIRONMENT
-These environment variables are set by login (not including ones set by
-.Pa /etc/environment ) :
-.Pp
-.Bl -tag -compact -width USERXXLOGNAME
-.It Dv PATH
-the default system path
-.It Dv HOME
-the user's home directory (or possibly
-.Pa / )
-.It Dv USER , Dv LOGNAME
-both set to the username
-.It Dv SHELL
-the user's shell
-.It Dv TERM , Dv TZ
-set to whatever is passed to
-.Nm login
-.It Dv KRB5CCNAME
-if the password is verified via Kerberos 5, this will point to the
-credentials cache file
-.It Dv KRBTKFILE
-if the password is verified via Kerberos 4, this will point to the
-ticket file
-.El
-.Sh FILES
-.Bl -tag -compact -width Ds
-.It Pa /etc/environment
-Contains a set of environment variables that should be set in addition
-to the ones above. It should contain sh-style assignments like
-.Dq VARIABLE=value .
-Note that they are not parsed the way a shell would. No variable
-expansion is performed, and all strings are literal, and quotation
-marks should not be used. Everything after a hash mark is considered a
-comment. The following are all different (the last will set the
-variable
-.Dv BAR ,
-not
-.Dv FOO ) .
-.Bd -literal -offset indent
-FOO=this is a string
-FOO="this is a string"
-BAR= FOO='this is a string'
-.Ed
-.It Pa /etc/login.access
-See
-.Xr login.access 5 .
-.It Pa /etc/login.conf
-This is a termcap style configuration file, that contains various
-settings used by
-.Nm login .
-Currently only the
-.Dq default
-capability record is used. The possible capability strings include:
-.Pp
-.Bl -tag -compact -width Ds
-.It Li environment
-This is a comma separated list of environment files that are read in
-the order specified. If this is missing the default
-.Pa /etc/environment
-is used.
-.It Li login_program
-This program will be executed just before the user's shell is started.
-It will be called without arguments.
-.It Li logout_program
-This program will be executed just after the user's shell has
-terminated. It will be called without arguments. This program will be
-the parent process of the spawned shell.
-.It Li motd
-A comma separated list of text files that will be printed to the
-user's terminal before starting the shell. The string
-.Li welcome
-works similarly, but points to a single file.
-.It Li limits
-Points to a file containing ulimit settings for various users. Syntax
-is inspired by what pam_limits uses, and the default is
-.Pa /etc/security/limits.conf .
-.El
-.It Pa /etc/nologin
-If it exists, login is denied to all but root. The contents of this
-file is printed before login exits.
-.El
-.Pp
-Other
-.Nm login
-programs typically print all sorts of information by default, such as
-last time you logged in, if you have mail, and system message files.
-This version of
-.Nm login
-does not, so there is no reason for
-.Pa .hushlogin
-files or similar. We feel that these tasks are best left to the user's
-shell, but the
-.Li login_program
-facility allows for a shell independent solution, if that is desired.
-.Sh EXAMPLES
-A
-.Pa login.conf
-file could look like:
-.Bd -literal -offset indent
-default:\\
- :motd=/etc/motd,/etc/motd.local:\\
- :limits=/etc/limits.conf:
-.Ed
-.Pp
-The
-.Pa limits.conf
-file consists of a table with four whitespace separated fields. First
-field is a username or a groupname (prefixed with
-.Sq @ ) ,
-or
-.Sq * .
-Second field is
-.Sq soft ,
-.Sq hard ,
-or
-.Sq -
-(the last meaning both soft and hard).
-Third field is a limit name (such as
-.Sq cpu
-or
-.Sq core ) .
-Last field is the limit value (a number or
-.Sq -
-for unlimited). In the case of data sizes, the value is in kilobytes,
-and cputime is in minutes.
-.Sh SEE ALSO
-.Xr su 1 ,
-.Xr login.access 5 ,
-.Xr getty 8 ,
-.Xr telnetd 8
-.Sh AUTHORS
-This login program was written for the Heimdal Kerberos 5
-implementation. The login.access code was written by Wietse Venema.
-.\".Sh BUGS
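Review bot: removing the whole page drops the only written statement, in the DESCRIPTION and the option list, of the trust contract between login and its caller: with -f the user is logged in "without further questions", and with -p every environment variable from the calling daemon is preserved instead of only TERM and TZ. The diffstat shown is limited to login.1, so this view does not show whether the login program itself is removed in the same commit. If the binary stays installed, keep this page or move the -f/-p and /etc/environment parsing notes elsewhere. If it is removed, say so in the commit message and check whether the pages listed under SEE ALSO (su 1, login.access 5, getty 8, telnetd 8) refer back to this one.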