[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login
Nicolas François
nicolas.francois at centraliens.net
Sun Jul 19 08:28:00 UTC 2009
tags 531341 wontfix
thanks
There are two contradicting security goals which are to avoid having root's
password entered on unsafe lines (and unknown users should be considered
as a mistyped 'root'), and to avoid leaking information regarding existing
users.
The default can be changed in /etc/pam.d/login.
I'm keeping the bug open and tagged wontfix...
until another solution is found or enough arguments are provided to change
the default for Debian.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list