Subject: Re: PRs 30923 and 31059
To: None <tech-security@netbsd.org>
From: Rui Paulo <rpaulo@fnop.net>
List: tech-security
Date: 02/08/2006 03:12:49

jnemeth@victoria.tc.ca (John Nemeth) writes:

>      Back in August of last year PR 30923 -- PAM too verbose and PR
> 31059 -- login too verbose were filed by Zafer Aydogan.  These PRs
> basically pertained to login giving different messages when somebody
> attempted to log in as root on an insecure terminal depending on whether
> the password they provided was correct.  I have patches ready to go for
> both PRs; however, I was asked to post here since there was a
> protracted discussion last year.
>
>      There were two issues.  The first was that one person requested a
> flag in login.conf to select between traditional behaviour and always
> giving a "Login incorrect" message.  Everybody else said not to bother
> with a flag as it was a security issue and should be fixed as soon as
> possible.  Thus, I didn't bother with a flag as I agree that one isn't
> needed.  The other issue was that an appropriate message should be
> logged.  In the case of PR 31059, login already did so.  For PR 30923,
> I have prepared a patch for pam_securetty to do so.
>
>      Here are the tested patches.  They are the same as the patches
> that were posted last August with the addition of a patch for
> pam_securetty.  Does anybody have any issue with them?

Not me.

-- 
Rui Paulo - rpaulo@fnop.net