Re: less secure login

To: debian-user@lists.debian.org
Subject: Re: less secure login
From: "s. keeling" <keeling@nucleus.com>
Date: Thu, 30 Apr 2009 18:38:24 -0600
Message-id: <[🔎] 20090501003824.GA3968@nucleus.com>

David Jardine <david@jardine.de>:
>  When logging into a console under squeeze, a false user name is now
>  rejected immediately.  Up to recently there was no reaction to a 
>  false user name until the password had been entered.
> 
>  Although I personally find the new behaviour more convenient, it 
>  seems to me less secure to give an intruder feedback on his guess at 
>  the user name before he goes on to guessing the password.
> 
>  I couldn't find anything relevant to the change in the docs under 

I noticed on a recent Lenny install that the maintainer had changed the
default behaviour of useradd/adduser (?).  Dunno if that's related.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)                                         Please don't Cc: me.
- -

Reply to:

Prev by Date: execution of exim by user
Next by Date: "Mutt, Exim4, Debian, Ubuntu and BCC. FAIL" (debian-news.net).
Previous by thread: Re: less secure login
Next by thread: execution of exim by user
Index(es):
- Date
- Thread