Subject: Re: PRs 30923 and 31059
To: None <tech-security@NetBSD.org>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: tech-security
Date: 02/20/2006 17:16:03
On Jul 1,  2:44pm, Bernd Ernesti wrote:
} On Wed, Feb 08, 2006 at 08:41:36PM +0200, Elad Efrat wrote:
} > Bernd Ernesti wrote:
} [code with login.c removed in the last mail]
} 
} > > Removing that output would confuse new users who try to log in via an insecure
} > > terminal (telnet) and don't understand why they would get a Login incorrect.
} 
} I see the problem after I looked at 31059.
} IMHO we should change the code and the message in the case of a uid 0 login too.
} 	Login incorrect or refused on this terminal.
} 
} See attached patch.
} Hmm, there is one problem if there are multiple users with the uid 0.
} Someone could check for them with my patch.

     Yes, that is a problem.  You've traded one information leak for a
different, but related, information leak.  That wouldn't be a good
thing.

}-- End of excerpt from Bernd Ernesti
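To make the trade-off concrete, here is an added example (constructed for this thread, not NetBSD's login.c or Bernd's patch): a model of the two reply policies and a check for whether the failure reply acts as a uid-0 oracle on an insecure terminal. The account table, the passwords and the single-message `msg_uniform` variant are assumptions.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed model of the login decision; not NetBSD's login.c. */
struct account { const char *name; unsigned uid; const char *pw; };
static const struct account accounts[] = {
    { "root",  0,    "rootpw"  },
    { "toor",  0,    "toorpw"  },  /* a second uid-0 account */
    { "alice", 1000, "alicepw" },
};
#define NACCOUNTS (sizeof accounts / sizeof accounts[0])
static const struct account *lookup(const char *user)
{
    for (size_t i = 0; i < NACCOUNTS; i++)
        if (strcmp(accounts[i].name, user) == 0)
            return &accounts[i];
    return NULL;
}
/* Patched policy as the thread describes it: a uid-0 account on an
 * insecure tty gets the combined message whether or not the password
 * was right, so the reply itself tells which accounts are uid 0. */
const char *msg_patched(const char *user, const char *pw, bool secure_tty)
{
    const struct account *a = lookup(user);
    if (a != NULL && a->uid == 0 && !secure_tty)
        return "Login incorrect or refused on this terminal.";
    if (a == NULL || strcmp(a->pw, pw) != 0)
        return "Login incorrect";
    return "OK";
}
/* Assumed alternative: every failure, on any tty, yields one message. */
const char *msg_uniform(const char *user, const char *pw, bool secure_tty)
{
    const struct account *a = lookup(user);
    if (a == NULL || strcmp(a->pw, pw) != 0 || (a->uid == 0 && !secure_tty))
        return "Login incorrect or refused on this terminal.";
    return "OK";
}

/* Oracle check: with a wrong password on an insecure tty, does the
 * reply for any account differ from the reply for an ordinary user? */
bool leaks_uid0(const char *(*fn)(const char *, const char *, bool))
{
    const char *base = fn("alice", "wrong", false);
    for (size_t i = 0; i < NACCOUNTS; i++)
        if (strcmp(fn(accounts[i].name, "wrong", false), base) != 0)
            return true;
    return false;
}
```

The check is the kind of regression test to keep next to any change of these messages: it fails for the patched policy and passes only when wrong-password and refused-terminal failures are indistinguishable.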