Hi Johan,

* Johan Walles <firstname.lastname@example.org> [2008-08-28 13:14]:
> 2008/8/28 Giacomo A. Catenazzi <email@example.com>:
[...]
> > So auth.log should log usernames, so that users don't make the
> > wrong assumption that passwords are not accessible by root!
>
> I can see a point in logging *valid* usernames. Logging invalid
> usernames (which aren't unlikely to actually be passwords) is a
> security risk.

How would you determine valid and invalid ones? A user name
that is considered valid could still be a password.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - firstname.lastname@example.org - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.