less secure login

To: debian-user@lists.debian.org
Subject: less secure login
From: David Jardine <david@jardine.de>
Date: Thu, 30 Apr 2009 19:45:04 +0100
Message-id: <[🔎] 20090430184504.GA3005@olga>
Mail-followup-to: debian-user@lists.debian.org

When logging into a console under squeeze, a false user name is now
rejected immediately.  Up to recently there was no reaction to a 
false user name until the password had been entered.

Although I personally find the new behaviour more convenient, it 
seems to me less secure to give an intruder feedback on his guess at 
the user name before he goes on to guessing the password.

I couldn't find anything relevant to the change in the docs under 
/usr/share/doc/login - but I don't even know that that's the right 
place to look.

Is this a bug or a supposed feature?  And which package is involved?

Cheers,
David

-- 
"Running Debian/GNU Linux and
loving every minute of it." -L. von Sacher-M. (1835-1895)

Reply to:

Follow-Ups:
- Re: less secure login
  - From: Christian Koerner <ck@ps-xaf.de>

Prev by Date: Re: Looking for Lenny to keep the spam away...
Next by Date: Re: Graphics 1920x1440, monitor 1680x1050, nv 1280x1024.
Previous by thread: Re: xorg (fglrx, radeon, radeonhd, vesa) not working after upgrade
Next by thread: Re: less secure login
Index(es):
- Date
- Thread