Re: Small Bug
nisse@lysator.liu.se (Niels Mvller) writes:
> "Guy's Account" <guy@interlog.com> writes:
>
> > This is not security by obscurity. It is long-established practice.
>
> It might well be "long-established practice". But I still agree with
> Marcus that it (usually) is security by obscurity.
It's also not established practice any longer. Kerberos freely tells
clients the difference between no-such-user and incorrect-password,
and the mail system and ftp and many other programs do the same. So
it's no longer meaningful for the login system to bother with it.
Reply to: