On Jan 14,  5:02pm, Rui Paulo wrote:
} On 2005.08.24 13:27:10 +0000, John Nemeth wrote:
} | Anyways, here's a patch for 2.1:
} |=20
} | --- login.c.orig        2005-08-24 13:07:05.000000000 -0700
} | +++ login.c     2005-08-24 13:08:30.000000000 -0700
} | @@ -503,9 +503,7 @@
} |                  * but with insecure terminal, refuse the login attempt.
} |                  */
} |                 if (pwd && !rval && rootlogin && !rootterm(tty)) {
} | -                       (void)fprintf(stderr,
} | -                           "%s login refused on this terminal.\n",
} | -                           pwd->pw_name);
} | +                       (void)printf("Login incorrect\n");
} |                         if (hostname)
} |                                 syslog(LOG_NOTICE,
} |                                     "LOGIN %s REFUSED FROM %s ON TTY %s",
} |=20
} | I don't know whether this is considered to be a problem though, since
} | it is consistent with traditional Unix behaviour.
} 
} I agree this is not a problem since it's mostly a traditional
} behaviour.  SunOS, for example, doesn't even check for good/bad
} password (at least on SunOS 5.9).  Your patch doesn't look wrong, but
} I would prefer if we could add a login.conf attribute to turn on/off
} this behaviour.

     That would be a significantly more complex patch.  If I get time,
I may dig into login.c a little deeper and figure out how to do this.
However, I wonder if it is worth it, considering that this will soon be
legacy code?

}-- End of excerpt from Rui Paulo