NAME
login.conf — login class capability data base
SYNOPSIS
DESCRIPTION
The login.conf file describes the various attributes of login classes. A login class determines what styles of authentication are available as well as session resource limits and environment setup. While designed primarily for the login(1) program, it is also used by other programs, e.g., rexecd(8), which need to set up a user environment.
The class to be used is normally determined by the class field in the password file (see passwd(5)). The class is used to look up a corresponding entry in the login.conf file. A special class called “default” will be used (if it exists) if the field in the password file is empty.
CAPABILITIES
Refer to capfile(5) for a description of the file layout. An example entry is:
classname|Description entry:\
	:capability=value:\
	:booleancapability:\
		...
	:lastcapability=value:
 
All entries in the login.conf file are either boolean or use a `=' to separate the capability from the value. The types are described after the capability table.
| Name | Type | Default | Description |
|---|---|---|---|
| copyright | file | | File containing additional copyright information. (If the file exists, login(1) displays it before the welcome message.) |
| coredumpsize | size | | Maximum coredump size. |
| cputime | time | | CPU usage limit. |
| datasize | size | | Maximum data size. |
| filesize | size | | Maximum file size. |
| host.allow | string | | A comma-separated list of host name or IP address patterns from which a class is allowed access. Access is instead denied from any hosts preceded by ‘!’. Patterns can contain the sh(1)-style ‘*’ and ‘?’ wildcards. The host.deny entry is checked before host.allow. (Currently used only by sshd(8).) |
| host.deny | string | | A comma-separated list of host name or IP address patterns from which a class is denied access. Patterns as per host.allow, although a matched pattern that has been negated with ‘!’ is ignored. (Currently used only by sshd(8).) |
| hushlogin | bool | false | Same as having a $HOME/.hushlogin file. See login(1). |
| ignorenologin | bool | false | Not affected by nologin files. |
| login-retries | number | 10 | Maximum number of login attempts allowed. |
| login-backoff | number | 3 | Number of login attempts after which to start random back-off. |
| maxproc | number | | Maximum number of processes. |
| maxthread | number | | Maximum number of threads. The first thread of each process is not counted against this. |
| memorylocked | size | | Maximum locked in core memory size. |
| memoryuse | size | | Maximum in core memoryuse size. |
| minpasswordlen | number | | The minimum length a local password may be. Used by the passwd(1) utility. |
| nologin | file | | If the file exists it will be displayed and the login session will be terminated. |
| openfiles | number | | Maximum number of open file descriptors per process. |
| passwordtime | time | | Used by passwd(1) to set next password expiry date. |
| password-warn | time | 2w | If the user's password will expire within this length of time then warn the user of this. |
| path | path | /bin /usr/bin | Default search path. |
| priority | number | | Initial priority (nice) level. |
| requirehome | bool | false | Require home directory to login. |
| sbsize | size | | Maximum socket buffer size. |
| setenv | list | | Comma or whitespace separated list of environment variables and values to be set. Commas and whitespace can be escaped using \\. |
| shell | program | | Session shell to execute rather than the shell specified in the password file. The SHELL environment variable will contain the shell specified in the password file. |
| stacksize | size | | Maximum stack size. |
| tc | string | | A "continuation" entry, which must be the last capability provided. More capabilities are read from the named entry. The capabilities given before tc override those in the entry invoked by tc. |
| term | string | su | Default terminal type if not able to determine from other means. |
| umask | number | 022 | Initial umask. Should always have a leading 0 to assure octal interpretation. See umask(2). |
| vmemoryuse | size | | Maximum virtual address space size. |
| welcome | file | /etc/motd | File containing welcome message. login(1) displays this and sshd(8) sends this. |
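
The host.deny and host.allow evaluation described in the table, as an added Python example (not code from NetBSD or sshd(8)). It assumes that a negated match wins regardless of its position in the list and that a host matching nothing in a configured host.allow is refused; the function names and the sample values are constructed for illustration.

```python
import re

def _compile(pattern):
    # Honour only the two wildcards the page names: '*' and '?'.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE)

def match_list(host, patterns):
    """1 = a plain pattern matched, -1 = a '!' pattern matched, 0 = no match."""
    result = 0
    for raw in patterns.split(","):
        pat = raw.strip()
        if not pat:
            continue
        negated = pat.startswith("!")
        if _compile(pat.lstrip("!")).fullmatch(host):
            if negated:
                return -1      # assumption: a negated match wins outright
            result = 1
    return result

def class_allows(host, allow=None, deny=None):
    """Evaluate host.deny first, then host.allow, as the table describes."""
    # A '!' match in host.deny yields -1 here and is therefore ignored.
    if deny and match_list(host, deny) == 1:
        return False
    # Assumption: when host.allow is set, a host it does not match is refused.
    if allow and match_list(host, allow) != 1:
        return False
    return True

# Constructed sample class values (documentation address ranges).
ALLOW = "192.0.2.*,!192.0.2.66,*.example.org"
DENY = "!198.51.100.*,bastion?.example.org"

def demo():
    hosts = ["192.0.2.10", "192.0.2.66", "bastion1.example.org",
             "www.example.org", "203.0.113.5"]
    return {h: class_allows(h, ALLOW, DENY) for h in hosts}

if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:24} {'allow' if ok else 'deny'}")
```

Because a negated pattern in host.deny is ignored, an entry such as `!198.51.100.*` there denies nothing; restricting a class to one network belongs in host.allow.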
The resource limit entries (coredumpsize, cputime, datasize, filesize, maxproc, memorylocked, memoryuse, openfiles, sbsize, stacksize and vmemoryuse) actually specify both the maximum and current limits (see getrlimit(2)). The current limit is the one normally used, although the user is permitted to increase the current limit to the maximum limit. The maximum and current limits may be specified individually by appending a ‘-max’ or ‘-cur’ to the capability name (e.g., openfiles-max and openfiles-cur).
NetBSD will never define capabilities which start with x- or X-; these are reserved for external use (unless included through contributed software).
The argument types are defined as:
- bool: If the name is present, then the boolean value is true; otherwise, it is false.
- file: Path name to a text file.
- list: A comma or whitespace separated list of values.
- number: A number. A leading 0x implies the number is expressed in hexadecimal. A leading 0 implies the number is expressed in octal. Any other number is treated as decimal.
- path: A space separated list of path names. If a ‘~’ is the first character in the path name, the ‘~’ is expanded to the user's home directory.
- program: A path name to program.
- size: A number which expresses a size in bytes. It may have a trailing b to multiply the value by 512, a k to multiply the value by 1 K (1024), and a m to multiply the value by 1 M (1048576).
- time: A time in seconds. A time may be expressed as a series of numbers which are added together. Each number may have a trailing character to represent time units:
  - y: Indicates a number of 365 day years.
  - w: Indicates a number of 7 day weeks.
  - d: Indicates a number of 24 hour days.
  - h: Indicates a number of 60 minute hours.
  - m: Indicates a number of 60 second minutes.
  - s: Indicates a number of seconds.

  For example, to indicate 1 and 1/2 hours, the following string could be used: 1h30m.
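
A value checker for the number, size and time types defined above, as an added Python example (not the login_cap(3) implementation). It assumes that size and time digits are decimal and that a time number without a unit counts as seconds; the function names are chosen here for illustration.

```python
import re

# Multipliers exactly as listed in the type definitions above.
SIZE_UNITS = {"": 1, "b": 512, "k": 1024, "m": 1048576}
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400,
              "w": 7 * 86400, "y": 365 * 86400}

def parse_number(text):
    """number: leading 0x is hexadecimal, leading 0 is octal, else decimal."""
    if text.lower().startswith("0x"):
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)

def parse_size(text):
    """size: bytes, with an optional trailing b, k or m."""
    m = re.fullmatch(r"([0-9]+)([bkm]?)", text)
    if m is None:
        raise ValueError(f"bad size value: {text!r}")
    return int(m.group(1)) * SIZE_UNITS[m.group(2)]

def parse_time(text):
    """time: seconds, as a sum of numbers with optional unit suffixes."""
    parts = re.findall(r"([0-9]+)([ywdhms]?)", text)
    # Reject anything the pattern skipped over (spaces, unknown units, empty).
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"bad time value: {text!r}")
    return sum(int(n) * TIME_UNITS[u] for n, u in parts)

if __name__ == "__main__":
    print(parse_time("1h30m"))                                 # the page's own example
    print(oct(parse_number("022")), oct(parse_number("22")))   # umask with and without the leading 0
    print(parse_size("64m"), parse_time("64m"))                # same suffix, two meanings
```

Two things it makes visible: a umask written as 22 is read as decimal and becomes octal 026 rather than 022, and the suffix m means 1 M in a size capability but minutes in a time capability.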
FILES
- /etc/login.conf: login class capability database
- /etc/login.conf.db: hashed database built with cap_mkdb(1)
SEE ALSO
cap_mkdb(1), login(1), login_cap(3), capfile(5), ttys(5), ftpd(8), sshd(8)
HISTORY
The login.conf configuration file appeared in NetBSD 1.5.