Hi Johan, * Johan Walles <[EMAIL PROTECTED]> [2008-08-28 13:14]: > 2008/8/28 Giacomo A. Catenazzi <[EMAIL PROTECTED]>: [...] > > So auth.log should log usernames, so that users don't do > > wrong assumption that password are not accessible by root! > > I can see a point in logging *valid* usernames. Logging invalid > usernames (which aren't unlikely to actually be passwords) is a > security risk.
How would you determine valid and invalid ones? A user name that is considered valid could still be a password. Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpzsxIS41qgM.pgp
Description: PGP signature
