On Mon, 26 Jul 1999, Bill Sommerfeld wrote:

> You don't want to log failed login attempts for unknown users, as
> users often get out of phase with the login program and enter a
> password where a login name is called for.  Failed attempts where the
> user was known *could* go into wtmp, too, but that creates a potential
> denial-of-service attack due to logfile overflow..

AIX actually does something sane here. They record a count of failed
logins, and the source of the last one. Sounds like a good compromise
between file size and keeping detail.

They actually keep the infor in a different file which has one entry per
user, but the idea's the same.

Take care,

Bill