Subject: root password : security hole ?
To: None <>
From: Florence HENRY <>
List: netbsd-users
Date: 03/11/2003 18:52:24

I know it's a bad idea to log in as root via telnet but I tried once to
test s/key, and I found something strange.

If you give the bad password, telnetd behaves as usual :
Login incorrect

But if you give the good one, it says :
root login refused on this terminal.

On a digital unix, both give Login incorrect.

I know there is little chance that a someone (human or not) guesses the
root password as first try, but I don't like the idea to give anyone
any indication about the root password.

What do you think about that ? Could it be a security hole ?

Florence HENRY
florence point henry arobasse obspm point fr