Login functionality

Archaic archaic at indy.rr.com
Tue Feb 17 20:05:54 PST 2004


On Tue, Feb 17, 2004 at 05:34:37PM -0400, Anderson Lizardo wrote:
> 
> AFAIK, the actual failed login name doesn't appear on the auth.log for
> security reasons. Often people type their password as login name by
> accident so anyone with access to the log file (including malicious
> administrators) can get the plain text password there and try the same
> password e.g. on HotMail accounts ;)

Makes sense... somewhat. However, a malicious admin causes all bets to
be off, so I wouldn't use that line of reasoning for not implementing
this feature.

Any one else want to chime in?

-- 
Archaic

It is proper to take alarm at the first experiment on our liberties. We
hold this prudent jealousy to be the first duty of citizens and one of
the noblest characteristics of the late Revolution. The freemen of
America did not wait till usurped power had strengthened itself by
exercise and entangled the question in precedents. They saw all the
consequences in the principle, and they avoided the consequences by
denying the principle. We revere this lesson too much ... to forget it

- James Madison.




More information about the hlfs-dev mailing list