Date: Thu, 18 Mar 1999 18:59:26 +0200 From: Sheldon Hearn <sheldonh@iafrica.com> To: Zahemszky Gabor <zgabor@CoDe.hu> Cc: freebsd-security@freebsd.org Subject: Re: bug (?) in login limits from login.conf Message-ID: <84824.921776366@axl.noc.iafrica.com> In-Reply-To: Your message of "Thu, 18 Mar 1999 17:23:42 %2B0100." <199903181623.RAA00488@CoDe.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 18 Mar 1999 17:23:42 +0100, Zahemszky Gabor wrote: > If there are any login restrictions (time/host or line) in /etc/login.conf, > login responds with: > <time restriction>: > ``Logins not available right now'' While your comments are fair enough from a security-minded point of view, you need to consider the confusion and frustration that your users will experience when they type their username/password correctly and get exactly the same message they'd get if they were typing their password incorrectly. Login(1) isn't the only part of the system that makes a trade-off between security and sanity. See nologin(8) for one example. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?84824.921776366>