Subject: NetBSD master CVS tree commits
To: None <source-changes@NetBSD.ORG>
From: None <source@NetBSD.ORG>
List: source-changes
Date: 06/29/1997 02:40:01
Sat Jun 28 19:38:26 PDT 1997
Update of /cvsroot/src/usr.bin/login
In directory netbsd1:/var/slash-tmp/cvs-serv24247

Modified Files:
Log Message:
Don't leak some information (``you have no s/key'').

Only information leaks now are:
* if '-s -s' is used (only allow s/key users, and force s/key use),
  then "login incorrect" will be given if a non-s/key user (or
  non-existant user) attempts to login; no password will be prompted
  XXX: maybe this should be fixed, but further analysis is required.
* an s/key user will be reminded in the "Password" prompt that they
  have an s/key. Therefore it would be possible to determine if a user
  is active on the machine if they have an s/key.
  XXX: maybe an option is required to control this behaviour