Bug#459631: libpam-gnome-keyring: Don't log mistyped usernames

Jö Fahlke jorrit at jorrit.de
Mon Jan 7 18:35:00 UTC 2008


Package: libpam-gnome-keyring
Version: 2.20.2-1
Severity: important

I accidently typed my password instead of my username.  That produced
the following syslog entry (password censored):

Jan  7 18:53:03 jupiter gdm[4458]: gkr-pam: error looking up user information for: MY_PW_HERE

Together with some other misconfiguration this might even become a
security hole. For this reason pam-unix will not log the username if
it is unknown to the system.

Thanks,
Jö.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-k7 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-gnome-keyring depends on:
ii  libc6                         2.7-5      GNU C Library: Shared libraries
ii  libpam0g                      0.99.7.1-5 Pluggable Authentication Modules l

libpam-gnome-keyring recommends no packages.

-- no debconf information

-- 
If you receive something that says "Send this to everyone you know,"
pretend you don't know me.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20080107/0753f741/attachment.pgp 


More information about the pkg-gnome-maintainers mailing list