Subject: Re: PRs 30923 and 31059
To: None <tech-security@NetBSD.org>
From: Gavan Fantom <firstname.lastname@example.org>
Date: 02/10/2006 19:12:36
Bernd Ernesti wrote:
> IMHO we should change the code and the message in the case of a uid 0 login too.
> Login incorrect or refused on this terminal.
Printing a different message here allows any network user, without
authentication, to query whether a user has uid 0 or not.
Would it not be better to output "Login incorrect", and then log the
Gillette - the best a man can forget