Re: less secure login
David Jardine <david@jardine.de>:
> When logging into a console under squeeze, a false user name is now
> rejected immediately. Up to recently there was no reaction to a
> false user name until the password had been entered.
>
> Although I personally find the new behaviour more convenient, it
> seems to me less secure to give an intruder feedback on his guess at
> the user name before he goes on to guessing the password.
>
> I couldn't find anything relevant to the change in the docs under
I noticed on a recent Lenny install that the maintainer had changed the
default behaviour of useradd/adduser (?). Dunno if that's related.
--
Any technology distinguishable from magic is insufficiently advanced.
(*) Please don't Cc: me.
- -
Reply to: