[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_nologin



On Sun, 23 Feb 1997, Joseph S. D. Yao wrote:

> My understanding is that Han Holl complains, when the following occurs:
> 	- a "nologin" file exists.
> 	- the computer prompts for a username [logname].
> 	- a user enters his or her logname.
> 	- the computer displays the contents of the "nologin" file.
> 	- the computer states that the login is incorrect.
> 	- the computer requests another logname.

Would it make sense to ask for the password as well, on the principle of
not giving information out to nonauthenticated user, including the fact
that they can't log in? Also, if someone has changed uid 0 to be named
something other than root, would this reveal that fact?

Bob



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []