2009/1/18 Florian Mickler <flor...@mickler.org>: >> > people >> > often confuse which password they have to enter where, and thus >> > valid passwords would wander into the logs for malicous people to >> > collect and use at other sites. >> >> auth.log is only readable to sysadmins. >> > <sarcasm> oh what a wonderful world </sarcasm> > > The only way to prevent misuse of such information is to _not_ _log_ > _it_. >
Naturally, I would not log invalid password attempts on a machine to which valid users log into remotely. But if I am being attacked, then I would like to log that info. Maybe they know my password and not my username? Or an older password? It is entirely possible, as I change the username each time I install but not always the password. > If you really need to satisfy your curiosity hack the sources or look > at 'john' or something like that. > Thanks, I will google "john". -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه-و-ي А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я ä-ö-ü-ß-Ä-Ö-Ü
