Bug#250755: gdm: logs bad usernames by default (results in passowrds in the log)

Rob Browning Rob Browning <rlb@defaultvalue.org>, 250755@bugs.debian.org
Mon, 24 May 2004 14:21:06 -0500

Package: gdm

I just noticed that gdm logs "bad usernames" by default.  Here, at
least, that has resulted in several user passwords being recorded in
/var/log/auth.log, and that's something I'd prefer to avoid.

If there's some benefit to logging bad usernames that strongly
supports leaving that as the default, then it'd still be nice to allow
the admin to disable it.  I didn't see such an option, but I might
have overlooked it.

Hmm, actually, now that I look again, perhaps it's not gdm itself.  It
might actually be pam_unix.  If so, feel free to reassign this.

Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG starting 2002-11-03 = 14DD 432F AE39 534D B592  F9A0 25C8 D377 8C7E 73A4