[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login

Nicolas François nicolas.francois at centraliens.net
Sun Jul 19 08:28:00 UTC 2009

tags 531341 wontfix

There are two contradicting security goals which are to avoid having root's
password entered on unsafe lines (and unknown users should be considered
as a mistyped 'root'), and to avoid leaking information regarding existing

The default can be changed in /etc/pam.d/login.

I'm keeping the bug open and tagged wontfix...
until another solution is found or enough arguments are provided to change
the default for Debian.

Best Regards,

More information about the Pkg-shadow-devel mailing list