Subject: Re: PRs 30923 and 31059
To: None <tech-security@NetBSD.org>
From: Bernd Ernesti <netbsd@lists.veego.de>
List: tech-security
Date: 02/08/2006 19:35:19

On Tue, Feb 07, 2006 at 07:02:16PM -0800, John Nemeth wrote:
[..]
>      Here are the tested patches.  They are the same as the patches
> that were posted last August with the addition of a patch for
> pam_securetty.  Does anybody have any issue with them?

Yes, see the comment below.

> --- login.c.orig        2006-02-07 17:11:30.000000000 -0800
> +++ login.c     2006-02-07 17:12:36.000000000 -0800
> @@ -503,9 +503,7 @@ main(int argc, char *argv[])
>                  * but with insecure terminal, refuse the login attempt.
>                  */
>                 if (pwd && !rval && rootlogin && !rootterm(tty)) {
> -                       (void)fprintf(stderr,
> -                           "%s login refused on this terminal.\n",
> -                           pwd->pw_name);
> +                       (void)printf("Login incorrect\n");
>                         if (hostname)
>                                 syslog(LOG_NOTICE,
>                                     "LOGIN %s REFUSED FROM %s ON TTY %s",
> 
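Review bot: In the `!rootterm(tty)` branch, the new `printf("Login incorrect\n")` hard-codes the failure text and moves it from stderr to stdout, so it hides the refusal only if it matches, in wording and in output stream, what the ordinary bad-password path prints; that path is not visible in this hunk. Consider sending this case through the same failure code as a wrong password instead of duplicating the string, and add a short comment saying the generic text is deliberate, since the condition includes `!rval` and the removed message named `pwd->pw_name`. The `syslog(LOG_NOTICE, "LOGIN %s REFUSED FROM %s ON TTY %s", ...)` call in the trailing context is kept, so the administrator still gets the real reason; here it is only visible under `if (hostname)`, so confirm the refusal is also logged when `hostname` is not set.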

Hmm, I haven't checked the source code enough, but where is the real problem
here?

Isn't that only for root trying to log in on an insecure terminal, which by
default would only be possible on the console?

Removing that output would confuse new users who try to log in via an insecure
terminal (telnet) and don't understand why they would get a Login incorrect.

Bernd