Re: Fwd: Password leaks are security holes
Johan Walles wrote:
Let's keep debian-security in the discussion to see what others have
to say about this.
Technically I agree with you when you say that people shouldn't enter
anything but their usernames at the login prompt, but the fact is that
people (like me and the bug submitter for example) *do* enter their
passwords there from time to time. People make mistakes, and this is
not an uncommon one.
Security shouldn't be based on nobody ever doing more or less common mistakes.
auth.log was invented for this reason, and separated to standard log:
it should be readable only by root, because users do errors.
Anyway root already has the capability to view passwords
(i.e. by installing alternate login programs, sniffing tty, ...)
So auth.log should log usernames, so that users don't do
wrong assumption that password are not accessible by root!