[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: less secure login

David Jardine <david@jardine.de>:
>  When logging into a console under squeeze, a false user name is now
>  rejected immediately.  Up to recently there was no reaction to a 
>  false user name until the password had been entered.
>  Although I personally find the new behaviour more convenient, it 
>  seems to me less secure to give an intruder feedback on his guess at 
>  the user name before he goes on to guessing the password.
>  I couldn't find anything relevant to the change in the docs under 

I noticed on a recent Lenny install that the maintainer had changed the
default behaviour of useradd/adduser (?).  Dunno if that's related.

Any technology distinguishable from magic is insufficiently advanced.
(*)                                         Please don't Cc: me.
- -

Reply to: