[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login

Dmitri Gribenko gribozavr at gmail.com
Sat Jul 18 19:31:04 UTC 2009

On Sat, Jul 18, 2009 at 8:18 PM, Nicolas
François<nicolas.francois at centraliens.net> wrote:
> Please look at the pam_securetty.so section in /etc/pam.d/login
> There are two contradicting security goals which are to avoid having root's
> password entered on unsafe lines (and unknown users should be considered
> as a mistyped 'root'), and to avoid leaking information regarding existing
> users.

Thank you for the explanation.

> I don't really know how to handle this bug. My preference would go to
> close it (which I will do in a few week if there are no answers). Another
> solution could be to keep it as wontfix as an "information bug" and wait
> until somebody finds a cleaner solution.

I think it is better to keep it as wontfix.

Best regards,

(j){printf("%d\n",i);}}} /*Dmitri Gribenko <gribozavr at gmail.com>*/

More information about the Pkg-shadow-devel mailing list