Subject: Re: passwd authentication bug
To: Zafer Aydogan <>
From: Allen Briggs <>
List: tech-security
Date: 07/03/2007 16:08:52
On Tue, Jul 03, 2007 at 10:06:01PM +0200, Zafer Aydogan wrote:
> # passwd foobar
> Changing password for foobar.
> Unable to change auth token: failed to recover old authentication token
> instead of displaying that the user doesn't exists.

Isn't this intentional?
To not provide information about which users exist or not.  Granted, for
root, it's not a big deal, but do we really need a separate code path
for that?


Allen Briggs  |  |