I'm a new Mandrake user, 7.1 with cooker to follow, and have a question about
the login program. I see what I think is a moderately ghastly bug in 7.1 and
wonder if it is fixed in development release, or can be for next release.
On an unsuccessful login, I see PAM output. This is wrong. You may want to log
that output and/or show it to the real user at the next successful login, but
you shouldn't display it on failure.
I'm not authenticated so you shouldn't trust me /at all/ and shouldn't tell me
/anything/ beyond "login failed".
The first discussion of this I saw was in:
R. Morris and K. Thompson, UNIX Password Security, CACM, Vol. 22, 11,
TM 78-1271-5, pp. 594--597, 1979.
and I've had quite a bit of fun since gloating when various non-Unix systems
get it wrong. It really upsets me to see a Linux system muff this.
