This is the command login.heimdal that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
login — authenticate a user and start new session
login [-fp] [-a level] [-h hostname] [username]
This manual page documents the login program distributed with the Heimdal Kerberos 5
implementation, it may differ in important ways from your system version.
The login programs logs users into the system. It is intended to be run by system daemons
like getty(8) or telnetd(8). If you are already logged in, but want to change to another
user, you should use su(1).
A username can be given on the command line, else one will be prompted for.
A password is required to login, unless the -f option is given (indicating that the calling
program has already done proper authentication). With -f the user will be logged in without
For password authentication Kerberos 5, OTP (if compiled in) and local (/etc/passwd)
passwords are supported. OTP will be used if the the user is registered to use it, and login
is given the option -a otp. When using OTP, a challenge is shown to the user.
Further options are:
Which authentication mode to use, the only supported value is currently “otp”.
-f Indicates that the user is already authenticated. This happens, for instance, when
login is started by telnetd, and the user has proved authentic via Kerberos.
Indicates which host the user is logging in from. This is passed from telnetd, and
is entered into the login database.
-p This tells login to preserve all environment variables. If not given, only the TERM
and TZ variables are preserved. It could be a security risk to pass random variables
to login or the user shell, so the calling daemon should make sure it only passes
The process of logging user in proceeds as follows.
First a check is made that logins are allowed at all. This usually means checking
/etc/nologin. If it exists, and the user trying to login is not root, the contents is
printed, and then login exits.
Then various system parameters are set up, like changing the owner of the tty to the user,
setting up signals, setting the group list, and user and group id. Also various machine
specific tasks are performed.
Next login changes to the users home directory, or if that fails, to /. The environment is
setup, by adding some required variables (such as PATH), and also authentication related
ones (such as KRB5CCNAME). If an environment file exists (/etc/environment), variables are
set according to it.
If one or more login message files are configured, their contents is printed to the
If a login time command is configured, it is executed. A logout time command can also be
configured, which makes login fork, and wait for the user shell to exit, and then run the
command. This can be used to clean up user credentials.
Finally, the user's shell is executed. If the user logging in is root, and root's login
shell does not exist, a default shell (usually /bin/sh) is also tried before giving up.
These environment variables are set by login (not including ones set by /etc/environment):
PATH the default system path
HOME the user's home directory (or possibly /)
USER, LOGNAME both set to the username
SHELL the user's shell
TERM, TZ set to whatever is passed to login
KRB5CCNAME if the password is verified via Kerberos 5, this will point to the
credentials cache file
Use login.heimdal online using onworks.net services