Subject: Re: increasing UT_HOSTSIZE for IPv6?
To: Todd Vierling <tv@pobox.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-userlevel
Date: 07/26/1999 12:38:40
> :  - I'd probably also extend lastlog to record unsuccessful login info
> : as well.
> 
> I hope you meant wtmp.  Lastlog is a last-login-*only* database file, and
> does not hold more than 1 record per uid.

No, lastlog, so it could be found efficiently by login to display on a
successful login.  The per-user record would be extended to include
failed login info as well as successful login info.

You don't want to log failed login attempts for unknown users, as
users often get out of phase with the login program and enter a
password where a login name is called for.  Failed attempts where the
user was known *could* go into wtmp, too, but that creates a potential
denial-of-service attack due to logfile overflow..

						- Bill