[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login

[Dmitri Gribenko]

On Sat, Jul 18, 2009 at 8:18 PM, Nicolas
François<nicolas.francois at centraliens.net> wrote:
> Please look at the pam_securetty.so section in /etc/pam.d/login
>
> There are two contradicting security goals which are to avoid having root's
> password entered on unsafe lines (and unknown users should be considered
> as a mistyped 'root'), and to avoid leaking information regarding existing
> users.

Thank you for the explanation.

> I don't really know how to handle this bug. My preference would go to
> close it (which I will do in a few week if there are no answers). Another
> solution could be to keep it as wontfix as an "information bug" and wait
> until somebody finds a cleaner solution.

I think it is better to keep it as wontfix.

Best regards,
Dmitri

-- 
main(i,j){for(i=2;;i++){for(j=2;j<i;j++){if(!(i%j)){j=0;break;}}if
(j){printf("%d\n",i);}}} /*Dmitri Gribenko <gribozavr at gmail.com>*/