Subject: NetBSD master CVS tree commits
To: None <source-changes@NetBSD.ORG>
From: None <source@NetBSD.ORG>
Date: 06/29/1997 02:40:01
Sat Jun 28 19:38:26 PDT 1997
Update of /cvsroot/src/usr.bin/login
In directory netbsd1:/var/slash-tmp/cvs-serv24247
Don't leak some information (``you have no s/key'').
Only information leaks now are:
* if '-s -s' is used (only allow s/key users, and force s/key use),
then "login incorrect" will be given if a non-s/key user (or
non-existant user) attempts to login; no password will be prompted
XXX: maybe this should be fixed, but further analysis is required.
* an s/key user will be reminded in the "Password" prompt that they
have an s/key. Therefore it would be possible to determine if a user
is active on the machine if they have an s/key.
XXX: maybe an option is required to control this behaviour