Logging to /var/log/btmp was disabled because "The most common login failure is to give password instead of username", and because the btmp file is world-readable on a Debian system. More info is attached to bug #314956. How about altering the server to only record a failed login to the btmp file if the given username is a valid one? If not then a dummy account name could be logged. -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Attachment:
signature.asc
Description: This is a digitally signed message part