login(4) login(4)
NAME
login - /etc/default/login file
DESCRIPTION
The /etc/default/login file contains the default settings for the
login(1) command.
FORMAT
The format of this file is identifier=value where both the identifiers
and values are defined by the login(1) program.
CONTENTS
ALTSHELL
Set to YES if a shell other than the default shell is permitted
in /etc/passwd.
CONSOLE
root may only log in on the path name at which CONSOLE is set.
Typically, this would be /dev/console.
COVERTLOGIN
If set to YES, the user login name will not be echoed.
DCELOGIN
If DCELOGIN is set to YES, DCE users can log in by accessing the
DCE registry, provided the DCE optional product is installed on
the system.
DISABLERHOSTS
If DISABLERHOSTS is set to YES, then the .rhosts file is ignored
and all remote logins will be subjected to the same login
requirements as local users.
HZ The system clock rate. This value should always be set to 100.
IDLEWEEKS
Sets a predetermined expiry date for user passwords. If a pass-
word exists for longer than IDLEWEEKS, it becomes invalid and the
user will not be able to log in.
IGNOREUPPERCASE
If IGNOREUPPERCASE is set to YES, login should not check for
"dumb" uppercase terminals. Otherwise, if IGNOREUPPERCASE is set
to NO and the login name only contains uppercase letters, login
assumes a "dumb" terminal and changes I/O control so that all
input/output is mapped to uppercase letters.
LOGINDELAY
Each unsuccessful attempt to login doubles the delay until the
next login prompt. The maximum delay is set by LOGINDELAY.
Page 1 Reliant UNIX 5.44 Printed 11/98
login(4) login(4)
MAXAUTH
If a user attempts to log in more than MAXAUTH times using an
invalid password, the user account is locked (see also passwd
-l). This lock can only be removed by the superuser (creating a
new password). The password lock can be removed by setting
MAXAUTH=0 or by commenting out or deleting the entry.
MAXTRIES
This feature will allow the number of guesses before dropping
carrier to be tuned.
MAXTRIES=0 No limit on the number of guesses.
MAXTRIES=>0 Carrier will be dropped after MAXTRIES tries.
MAXTRIES=<0 No limit on the number of guesses, but all guesses
after abs(MAXTRIES) will fail even if the password
is correct. If LOCKTTY is set, hang-ups will be
ignored - and the tty will remain locked until the
administrator (root) kills the login process
(signal -9 or similar).
PATH Sets the default path for the login session of a user who does
not have the uid 0.
STRICTRHOSTMODES
If STRICTRHOSTMODES is set to YES, then a user's local .rhost
file must not be rwx for the group or for other. The file must
(always) only be owned by the user or root.
SUPATH
Sets the default path for the root login session.
TIMEOUT
If the login does not succeed within the time set in TIMEOUT
seconds, login(1) terminates.
TIMEZONE
The default value for TIMEZONE is defined in /etc/TIMEZONE [see
timezone(4)]. To change the default time zone, use /etc/TIMEZONE.
Do not set TIMEZONE in /etc/default/login, as this will override
the value in /etc/TIMEZONE.
ULIMIT
This variable sets the maximum file size for a user. It is in
units of 512-byte blocks.
ULIMIT=UNLIMITED means: The file size is not limited (except
where the file size is defined by the respective file system
implementation).
Page 2 Reliant UNIX 5.44 Printed 11/98
login(4) login(4)
If there is no ULIMIT entry or if the entry is commented out, the
file size defined in the mtune(4) or stune(4) file is adopted.
UMASK
Sets the default umask for this login session.
The following variables are only used if the CSP (C2 Security)
optional product is installed.
AUTOLOGINMINUID
This is to set the minimum UID and can use .rhosts to log in
without typing a password. Note that if the CSP (C2 Security)
optional product is installed, an entry in /etc/hosts.deny over-
rides anything in .rhosts and /etc/hosts.equiv and results in a
prompt for a password. The format of /etc/hosts.deny is identical
to /etc/hosts.equiv.
CHECKROOTGROUP
If GETREALNAME is also true,this forces the real name to be a
member of group root before allowing root to log in.
CHECKGROUP
If not set no, then a non-root user must be a member of their
login group when they log in.
GETREALNAME
When logging in as root, this forces a real login name to be sup-
plied.
GRACE
GRACE seconds before the login session is terminated, or a warn-
ing message is printed on the controlling tty. If GRACE is nega-
tive, the session is not forced to end.
LOCKTTY
If LOCKTTY is not no then a port with too many failed guesses is
disabled and the system administrator must reenable it. MAXTRIES
must be negative for this to be enabled.
MAXUNAUTH
If a user tries to log in more than MAXUNAUTH times during an
unauthorized time, the user is locked. This only applies if timed
login sessions are enabled.
SECUREUSER
The login name of the system security officer, root, and this
login account are always allowed to try to log in.
TIMEWINDOWS
If this is not set to no, then timed login sessions are enabled.
Page 3 Reliant UNIX 5.44 Printed 11/98
login(4) login(4)
DEFAULT VALUES
ALTSHELL=YES
AUTOLOGINMINUID=0
CHECKROOTGROUP=NO
CHECKGROUP=NO
CONSOLE=/dev/console
COVERTLOGIN=YES
DCELOGIN=NO
DISABLERHOSTS=YES
GETREALNAME=NO
GRACE=60
HZ=100
IDLEWEEKS=-1
IGNOREUPPERCASE=YES
LOCKTTY=NO
LOGINDELAY=61
MAXAUTH=5
MAXTRIES=5
MAXUNAUTH=2
PATH=/usr/bin:/usr/sbin:/opt/bin
SECUREUSER=sso
STRICTRHOSTMODES=NO
SUPATH=/sbin:/usr/sbin:/usr/bin:/opt/bin
TIMEWINDOWS=NO
TIMEOUT=60
TIMEZONE=EST5EDT
ULIMIT=32768
UMASK=022
SEE ALSO
login(1).
Page 4 Reliant UNIX 5.44 Printed 11/98