Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!triceratops.cis.ohio-state.edu!karl
From: karl@triceratops.cis.ohio-state.edu (Karl Kleinpaste)
Newsgroups: comp.sys.pyramid
Subject: Re: Gratuitous console msgs
Message-ID: <20968@tut.cis.ohio-state.edu>
Date: 30 Aug 88 12:16:18 GMT
References: <20@usl-pc.usl.edu> <3495@polyslo.CalPoly.EDU>
Sender: news@tut.cis.ohio-state.edu
Distribution: na
Lines: 25
In-reply-to: steve@polyslo.CalPoly.EDU's message of 28 Aug 88 08:03:37 GMT

steve@polyslo.calpoly.edu writes:
   Another annoying "feature", introduced in OSx4.4
   is the fact that when there are bad login messages, they only
   report which tty the bad login occured on, and not what/who it was.

There is in fact at least one good reason for this.  Sometimes people
make a mistake in their login sequence, and inadvertently type their
password at the login: prompt.  Not only does it echo on their screen
for all those people looking over their shoulder to read, but if the
`login name' is logged as part of the BADLOGIN or BADREMOTE to the
console, then anyone in the machine room can see your password, too.
We don't own our entire machine room; other departments have equipment
in there, too, and one 98xe is in a semi-public Macintosh lab, guarded
only by the lab monitor on duty.

Since such a mistake is usually coupled with having already made a
mistake (login as root, mistype password, retype correct password at
next login:), it's pretty easy to correlate a pair BAD{LOGIN,REMOTE}
lines, one with a normal login name and one with seeming line noise.

Personally, I want to be able to configure whether or not the login
name appears in the BAD{LOGIN,REMOTE} messages.  Stop hard-coding
these difficult choices.

--Karl