jose nazario <[EMAIL PROTECTED]> writes:
> - debug("Rhosts authentication failed for '%.100s', remote '%.100s', host
>'%.200s'.",
> + log_msg("Rhosts authentication failed for '%.100s', remote '%.100s', host
>'%.200s'.",
> user, client_user, get_canonical_hostname());
I don't think this patch is a good idea. If a user accidentally
enters his password in place of his user name, the password will show
up in the log. That's probably the reason while logging is available
only in the debug mode. It should be sufficient to log the IP address
of the client trying to authenticate.
--
Florian Weimer [EMAIL PROTECTED]
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
