Hi Johan, * Johan Walles <johan.walles@gmail.com> [2008-08-28 13:14]: > 2008/8/28 Giacomo A. Catenazzi <cate@debian.org>: [...] > > So auth.log should log usernames, so that users don't do > > wrong assumption that password are not accessible by root! > > I can see a point in logging *valid* usernames. Logging invalid > usernames (which aren't unlikely to actually be passwords) is a > security risk. How would you determine valid and invalid ones? A user name that is considered valid could still be a password. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpEamvub2Vny.pgp
Description: PGP signature