Login functionality

Anderson Lizardo lizardo at linuxfromscratch.org
Tue Feb 17 13:34:37 PST 2004


On Ter, 17 Fev 2004 13:48:48 -0500, Archaic wrote:
> Feb 17 13:48:31 robson login[98]: invalid password for `UNKNOWN' on `tty4'
> 
> If someone was trying to guess a username we could spot it easier if
> UNKNOWN was changed to the actual typed name. We could also
> differentiate someone just missing a letter from their username.

AFAIK, the actual failed login name doesn't appear on the auth.log for
security reasons. Often people type their password as login name by
accident so anyone with access to the log file (including malicious
administrators) can get the plain text password there and try the same
password e.g. on HotMail accounts ;)

-- 
Anderson Lizardo
lizardo at linuxfromscratch.org
http://www.linuxfromscratch.org/



More information about the hlfs-dev mailing list