[EMAIL PROTECTED] (Niels Mvller) writes: > "Guy's Account" <[EMAIL PROTECTED]> writes: > > > This is not security by obscurity. It is long-established practice. > > It might well be "long-established practice". But I still agree with > Marcus that it (usually) is security by obscurity.
It's also not established practice any longer. Kerberos freely tells clients the difference between no-such-user and incorrect-password, and the mail system and ftp and many other programs do the same. So it's no longer meaningful for the login system to bother with it.
