Subject: kern/30923: pam too verbose
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <zafer@gmx.org>
List: netbsd-bugs
Date: 08/06/2005 04:37:00
>Number:         30923
>Category:       kern
>Synopsis:       pam too verbose
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 06 04:37:00 +0000 2005
>Originator:     Zafer Aydogan
>Release:        3.99.7
>Organization:
>Environment:
i386 3.99.7
>Description:
I've enabled telnet without authentication in inetd.conf.
Then telnetted to the machine.
When trying to log in as root and entering a correct or wrong password, I'm getting two different error messages instead of the same one.

NetBSD/i386 (current.aydogan.net) (ttyp0)

login: root

Password: <now I'm entering the correct root password>
login: pam_acct_mgmt: authentication error


Lost Connection to Host.

But now, another try....

NetBSD/i386 (current.aydogan.net) (ttyp0)

login: root

Password: <now I'm entering a wrong root password>
Login incorrect
login: login:

The verbose PAM message is telling you that you have entered the correct root password.

I would expect that when I'm entering the right or wrong root password,
I'm getting the same message - "Login incorrect".
>How-To-Repeat:
Enable telnet and try to log in as root once with the correct and once with a wrong password.
>Fix:
The message should always be "login incorrect" without giving a hint to the correct password.
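
The behaviour described in this report, next to the uniform-message behaviour requested under Fix, as an added sketch that is not part of the original report and is not NetBSD's login code. The result codes, the stage functions, the password and the audit strings are hypothetical stand-ins; no libpam calls are made.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in result codes for this sketch; these are not libpam's constants. */
enum { OK, AUTH_ERR, ACCT_DENIED };

/* Constructed account: the password is valid, but the account stage refuses the login. */
static const char *const PASSWORD = "correct-horse";

static int stage_authenticate(const char *pw)
{
    return strcmp(pw, PASSWORD) == 0 ? OK : AUTH_ERR;
}

static int stage_acct_mgmt(void) { return ACCT_DENIED; }

/* Behaviour in the report: the failing stage decides what the remote user sees. */
const char *verbose_login(const char *pw)
{
    if (stage_authenticate(pw) != OK)
        return "Login incorrect";
    if (stage_acct_mgmt() != OK)
        return "login: pam_acct_mgmt: authentication error";
    return "";
}

/* Requested behaviour: one message for every failure; the stage goes to the audit text only. */
const char *uniform_login(const char *pw, char *audit, size_t auditlen)
{
    const char *stage = NULL;

    if (stage_authenticate(pw) != OK)
        stage = "authenticate";
    else if (stage_acct_mgmt() != OK)
        stage = "acct_mgmt";
    if (stage == NULL) {
        snprintf(audit, auditlen, "login ok");
        return "";
    }
    snprintf(audit, auditlen, "login failed at stage %s", stage);
    return "Login incorrect";
}

int main(void)
{
    char audit[64];
    const char *msg = uniform_login(PASSWORD, audit, sizeof audit);
    printf("verbose: %s | uniform: %s | audit: %s\n", verbose_login(PASSWORD), msg, audit);
    return 0;
}
```

The audit text stands for what would go to a local log, so the administrator can still see which stage refused the login while the remote side sees the same text either way.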