[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security problem in pam_unix?



What should the solution be?

Not logging the "username" at all? Or logging it if and only if the
"username" is actually a valid username?

I lean to the latter.

Nico


On Thu, Dec 07, 2000 at 05:59:51PM +0000, John Haxby wrote:
[A complaint about logging usernames in failed login attempts, which logs
can lead to logging of passwords when users accidentally type in their
passwords at the username prompt, was here.]
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []