LINFO

Login Definition



A login, logging in or logging on is the entering of identifier information into a system by a user in order to access that system (e.g., a computer or a website). It is an integral part of computer security procedures.

A login generally requires the user to enter two pieces of information, first a user name and then a password. This information is entered into a login window on a GUI (graphical user interface) or on the command line in a console (i.e., an all-text mode screen), depending on the system and situation.

A user name, also referred to as an account name, is a string (i.e., sequence of characters) that uniquely identifies a user. User names can be the same as or related to the real names of users, or they can be completely arbitrary.

A password is likewise a string, but it differs from a user name in that it is intended to be kept a secret that is known only to its user and, perhaps, to the system administrator(s).

In some cases an additional identifier might be required, either to enter the main system or to enter some subsystem or related system.

Increasing use is being made of other means to supplement or even replace user names and passwords. They include phrases or sentences and biometric identifiers such as fingerprints or retinal scans. Among their advantages are that they are easier to remember and more difficult for intruders (i.e., people who are not authorized to enter the system) to use.

However, biometric identifiers also have some disadvantages. One is that they are more costly to implement than typing data into a keyboard because they require special equipment. Another is that some people object to them as being invasive of personal privacy or for other reasons. A third is that they also might not be completely reliable and it might be possible for impostors and intruders to deceive them.

The process of logging in creates a session (i.e., a period of use), also referred to as a login session, for the user on the target machine or system. That user is referred to as the owner of that session.

When someone logs into an ordinary user account on an operating system that has been designed with security in mind (e.g., a Unix-like system), that person receives access to only a limited set of files and programs on the system. When someone logs into the root (i.e., administrative) account, that person acquires access to all files and programs on the system.

The degree of protection that can be provided for a system and its data by a login procedure varies according to the system and how it is administered. For example, some Microsoft Windows systems have logins that are easily bypassed by merely closing the login window. Thus, anyone can easily gain access to any part of the system.

The effectiveness of logins on Unix-like operating systems is potentially much greater. An important prerequisite for achieving this effectiveness is the enforcement of a policy requiring the use of strong passwords. Strong passwords are strings that are extremely difficult to guess either manually or by using password cracking programs (such as Crack or John the Ripper).

But it is just as important to make certain that users are not careless with their passwords (e.g., leaving them on paper taped to the wall) and that potential intruders do not have physical access to computers. Just a few minutes of physical access is sufficient for a determined intruder to damage a system or obtain confidential data. That is, logins are only a first line of defense, and they are only effective in defeating relatively simple attacks on a system.

When a user attempts to log into a system, the user name and password entered are compared with data contained in special databases on the system. On a system without shadow passwords enabled, the password of each user is encrypted and stored in the password field of the /etc/passwd file. This file also contains unencrypted information about all registered users, including their user names. The fact that /etc/passwd can be read by anyone with access to the system is a security risk because an unauthorized person might be able to decrypt the passwords. Shadow passwords enhance security by storing the encrypted passwords in a separate file that is readable only by the root user.
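An administrator can check for the risk described above by auditing the password field of a passwd-format file. The following is an added example, not part of the original article: the function names and the sample entries are constructed for illustration, and the sample hash is a made-up string.

```shell
#!/bin/sh
# Added example: find accounts whose password data sits in the world-readable
# password field (field 2) of a passwd-format file instead of a shadow file.

# audit_passwd FILE -> prints one "user:finding" line per problem account.
audit_passwd() {
    awk -F: '
        $0 ~ /^#/ || NF == 0 { next }           # skip comments and blank lines
        NF < 7  { print $1 ":malformed"; next } # passwd entries have 7 fields
        $2 == "" { print $1 ":empty-password"; next } # no password required
        $2 == "x" { next }                      # shadowed: stored elsewhere
        $2 ~ /^[*!]/ { next }                   # locked or disabled account
        { print $1 ":hash-in-passwd" }          # stored password, readable by all
    ' "$1"
}

# shadow_is_private FILE -> succeeds only if "other" users have no access bits.
shadow_is_private() {
    perms=$(ls -ld "$1" | cut -c8-10)           # chars 8-10 = "other" rwx bits
    [ "$perms" = "---" ]
}

# write_sample FILE -> writes constructed passwd entries for the demonstration.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:ab1Qz9fakehashXY:1000:1000:Alice:/home/alice:/bin/sh
bob::1001:1001:Bob:/home/bob:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
EOF
}

# Demonstration on the constructed sample (not on the live /etc/passwd).
sample=$(mktemp)
write_sample "$sample"
audit_passwd "$sample"
rm -f "$sample"
```

On a real system the same functions can be pointed at /etc/passwd and /etc/shadow; any hash-in-passwd finding means that account's password data is readable by every local user.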

In addition to restricting access, logins also provide an audit trail in the form of data that is automatically entered into system log files (i.e., automatically updated files that contain records of events that have occurred on a system). Such data can be studied by the system administrator(s) routinely or if there are indications of suspicious activities or damage to the system.

Sometimes it might be desired to confirm the ownership of (i.e., the user name or login name for) the current login session. One way to do this is to use the whoami command.

Ownership of a session can be transferred by its owner or by the system administrator to any other registered user by using the su (substitute user) command.

When a user finishes a computer session, that user will generally log out. Logging out is the act of informing the machine or system that the current user is ending use of it, which results in the system terminating the session. Terminating a session prevents other people from accessing the system without first logging in. Logging out occurs automatically if a computer is shut down without first explicitly logging out (e.g., due to a power disruption).

There is also a command on Unix-like operating systems called login, which is used when logging on to a system or for switching from one user to another, as well as a command called logout which, not surprisingly, can be used for logging out.






Created February 28, 2005.
Copyright © 2005 The Linux Information Project. All Rights Reserved.