Explanation of the Login Process
The following steps describe the login process.
This information shows how important it is to create unique user names
and to maintain a password security policy. For more information,
refer to login(1).
1. After the system is installed, the desktop Login Manager displays a login screen. The Common Desktop Environment (CDE) displays a CDE login screen if it is installed.
2. The init program spawns a getty process, which prompts you for a user name. You enter your user name. The getty program passes the user name to the login program.
3. The login program searches /etc/passwd for the user name.
   - If the user name exists, login goes to step 4.
   - If the user name does not exist, then login does the following checks:
     - Prompts for a password (Password:).
     - If an invalid password is entered, the system displays the Invalid login error message.
     - Updates the /var/adm/btmp file if it exists. The /var/adm/btmp file keeps track of invalid login attempts. See Section for more information.
     - Exits after three consecutive invalid login attempts.
4. The login process verifies the /etc/passwd file.
   - If the password field is set, login prompts for a password and goes to step 5.
   - If the password field is not set, the user does not need a password and login goes to step 6.
5. The login process compares the password to the encrypted password in /etc/passwd.
   - If the password matches, login goes to step 6.
   - If the password does not match, login displays Invalid login. The login process allows three consecutive login attempts. After the user's third invalid login attempt, login exits.
6. The login process updates the /var/adm/wtmp file, which keeps track of valid logins. See Section for more information.
7. After a successful login, the user and group IDs, group access list, and working directory are initialized.
8. The login process then runs the command in the command field of the /etc/passwd file. Typically, the command field is the path name of a shell, such as /bin/ksh, /bin/csh, or /bin/sh. If the command field is empty, the default is /bin/sh.
   The command field does not have to be a shell. See Section for an example of running another command.
9. After the shell initialization is complete, the system displays a prompt and waits for user input.
You can have the login process
perform further user authentication using the Pluggable Authentication
Modules (PAM). For more information, see pam.conf(4) and Section .
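The login steps above depend on three properties of /etc/passwd: user names are unique, an unset password field means no password is requested, and an empty command field falls back to /bin/sh. The following script is an added example, not part of the original documentation, that audits a passwd-format file for those conditions; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical
# and the sample entries are constructed.

# audit_passwd: read passwd-format lines on stdin and print one finding per
# line as "<finding> <user name>".
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }    # skip blank lines
        /^[+-]/    { next }    # skip NIS compatibility entries
        {
            user = $1; password = $2; cmd = $7
            # User names must be unique.
            if (seen[user]++)   print "duplicate-name " user
            # Password field not set: login does not ask for a password.
            if (password == "") print "empty-password " user
            # Command field empty: login runs the default, /bin/sh.
            if (cmd == "")      print "default-shell " user
        }
    '
}

# Constructed sample; ENCRYPTED stands in for an encrypted password string.
sample_passwd() {
    cat <<'EOF'
root:ENCRYPTED:0:3::/:/sbin/sh
aperson:ENCRYPTED:101:20::/home/aperson:/bin/ksh
guest::102:20::/home/guest:/bin/sh
aperson:ENCRYPTED:103:20::/home/aperson2:/bin/csh
batch:ENCRYPTED:104:20::/home/batch:
EOF
}

sample_passwd | audit_passwd
```

To audit a live system, run `audit_passwd < /etc/passwd` and review every line it prints.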
Checking the login Tracking Files (btmp and wtmp)
The following files keep a log of logins:
The /var/adm/btmp file keeps
track of failed logins.
The /var/adm/wtmp file keeps
track of successful logins.
Use the lastb command to read
the /var/adm/btmp file to see if unauthorized users
have attempted to log in.
Use the last command to read
the /var/adm/wtmp file.
The last and lastb commands display the most recent user information, in descending
order.
The wtmp and btmp files tend to grow without bound, so check them regularly. Periodically
remove information that is no longer useful to prevent the file from
becoming too large. The wtmp and btmp files are not created by the programs that maintain them. If these
files are removed, login record keeping is turned off.
A common mistake users make during login is to
enter the password, or part of the password, at the login prompt. This
failed login is recorded in the btmps file and
exposes the password or partial password. For this reason, set the file
protection on the btmps file so that
it is readable only by administrators.
# chmod 400 /var/adm/btmps
If the security policy requires that past sessions
of one user cannot be viewed by another user, then the file protection
of the /var/adm/wtmp file may also need to be
changed.
See last(1), utmp(4), and wtmp(4) for more information.
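The permission check and the review of failed logins described above can be scripted. The following is an added example, not part of the original documentation: it assumes lastb prints one record per line with the name typed at the login prompt in the first column, and it masks any name that has no /etc/passwd entry so that the report does not repeat a password typed at the prompt. Function names and sample records are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes one lastb record per
# line with the typed name in the first column; samples are constructed.

# owner_read_only FILE: succeeds only if FILE has mode 400 (-r--------).
owner_read_only() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-r--------" ]
}

# failed_login_summary PASSWD_FILE: read lastb-style lines on stdin and print
# "<count> <name>", highest count first. Names with no passwd entry are
# masked because they may be passwords typed at the login prompt.
failed_login_summary() {
    awk -v pw="$1" '
        FILENAME == pw { split($0, f, ":"); known[f[1]] = 1; next }
        NF == 0        { next }
        {
            key = ($1 in known) ? $1 : "<unknown,len=" length($1) ">"
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' "$1" - | LC_ALL=C sort -k1,1nr -k2,2
}

# demo: run the summary over constructed passwd entries and lastb records.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'root:ENCRYPTED:0:3::/:/sbin/sh' \
                  'aperson:ENCRYPTED:101:20::/home/aperson:/bin/ksh' > "$tmp"
    failed_login_summary "$tmp" <<'EOF'
root     pts/1    Mon Mar 12 16:22
root     pts/1    Mon Mar 12 16:21
aperson  console  Mon Mar 12 10:13
Secr3tpw pts/2    Fri Mar  9 13:51
root     pts/3    Fri Mar  9 13:50
EOF
    rm -f "$tmp"
}

demo
```

On a live system, run `lastb | failed_login_summary /etc/passwd` as an administrator and check the file with `owner_read_only /var/adm/btmps`.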
The utmp database is a user
accounting database managed and synchronized according to /var/adm/utmp by the utmpd command.
Application programs can access the utmps database.
See utmpd(1M) and utmps(4).
This section contains examples of using the last command. The following command lists all of the root
sessions and all sessions on the console terminal:
# last root console | more
root pts/1 Mon Mar 12 16:22 - 18:04 (01:41)
abcdeux console Mon Mar 12 10:13 - 10:19 (00:06)
root pts/2 Fri Mar 9 13:51 - 15:12 (01:21)
abcdeux console Thu Mar 8 12:21 - 12:22 (00:00)
root pts/ta Wed Mar 7 15:38 - 18:13 (02:34)
The following command lists when reboots have occurred:
# last reboot
reboot system boot Sun Mar 28 18:06 still logged in
reboot system boot Sun Mar 28 17:48 - 18:06 (00:17)
reboot system boot Sun Mar 28 17:40 - 17:48 (00:08)
reboot system boot Thu Feb 19 18:25 - 17:40 (37+23:15)
reboot system boot Mon Feb 16 13:56 - 18:25 (3+04:28)
Checking Who Is Logged In
The who command examines the /etc/utmp file to obtain current user login information.
In addition, the who command can list logins, logoffs,
reboots, changes to the system clock, and processes spawned by the init process.
Use the who -u command to monitor
who is currently logged in. For example:
# who -u
aperson console Aug 5 11:28 old 5796 system.home.company.com
aperson pts/0 Aug 17 18:11 0:03 24944 system
aperson pts/1 Aug 5 11:28 1:14 5840 system
See who(1) for more information.