When logging into a console under squeeze, a false user name is now rejected immediately. Up to recently there was no reaction to a false user name until the password had been entered.
Although I personally find the new behaviour more convenient, it seems to me less secure to give an intruder feedback on his guess at the user name before he goes on to guessing the password. I couldn't find anything relevant to the change in the docs under /usr/share/doc/login - but I don't even know that that's the right place to look. Is this a bug or a supposed feature? And which package is involved? Cheers, David -- "Running Debian/GNU Linux and loving every minute of it." -L. von Sacher-M. (1835-1895) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
