Your message dated Sun, 14 Sep 2008 21:17:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#443322: fixed in shadow 1:4.1.1-5
has caused the Debian Bug report #443322,
regarding login: immediate 'Login incorrect' after unknown user name
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
443322: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=443322
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: login
Version: 1:4.0.18.1-11
Severity: normal

Hi,

when logging in with an unknown user name, the login is immediately
rejected with 'Login incorrect'. I suppose this is bad for security
as it makes it easier to guess valid user names.

IIRC, last time I consciously checked this (some time ago) it was not
possible to distinguish between
- username wrong
- password wrong
- username and password wrong

Regards, ingo

Here is a screen dump of a successful and a failed attempt:

Ctrl-Alt-Delete for system halt
Linux 2.6.22.5 (tty2)

noo login: ingo
Password:
Last login: Thu Sep 20 17:13:11 CEST 2007 on tty2
Linux noo 2.6.22.5 #3 Sun Aug 26 16:55:43 CEST 2007 i686

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
No mail.
noo:~ % exit

Ctrl-Alt-Delete for system halt
Linux 2.6.22.5 (tty2)

noo login: asdf

Login incorrect
noo login:

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22.5
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages login depends on:
ii  libc6           2.6.1-5     GNU C Library: Shared libraries
ii  libpam-modules  0.99.7.1-4  Pluggable Authentication Modules f
ii  libpam-runtime  0.99.7.1-4  Runtime support for the PAM librar
ii  libpam0g        0.99.7.1-4  Pluggable Authentication Modules l

login recommends no packages.

-- debconf-show failed
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.1.1-5

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.1.1-5_i386.deb
  to pool/main/s/shadow/login_4.1.1-5_i386.deb
passwd_4.1.1-5_i386.deb
  to pool/main/s/shadow/passwd_4.1.1-5_i386.deb
shadow_4.1.1-5.diff.gz
  to pool/main/s/shadow/shadow_4.1.1-5.diff.gz
shadow_4.1.1-5.dsc
  to pool/main/s/shadow/shadow_4.1.1-5.dsc

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.8
Date: Sun, 14 Sep 2008 19:13:34 +0200
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.1-5
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <[EMAIL PROTECTED]>
Changed-By: Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]>
Description:
 login - system login tools
 passwd - change and administer password and group data
Closes: 443322 495831
Changes:
 shadow (1:4.1.1-5) unstable; urgency=low
 .
   * The "Bergues" release.
   * debian/login.pam: restore the Etch behavior of pam_securetty.so in case
     of unknown user. Closes: #443322, #495831
--- End Message ---
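
The changelog entry above turns on how the PAM auth stack treats the result of pam_securetty.so for an unknown user. The following is an added example, not part of the original messages and not the contents of debian/login.pam: it models libpam's control handling as documented in pam.conf(5) to show why a `die` action ends the attempt before any password prompt, while `bad` lets the stack continue and fail later. The two stacks, the return values assigned to each module, and pam_unix.so standing in for the password prompt are assumptions of the example.

```python
# Added example: minimal model of libpam walking an "auth" stack.
# Shorthand controls expand as documented in pam.conf(5).
SHORTHAND = {
    "required": "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]",
    "requisite": "[success=ok new_authtok_reqd=ok ignore=ignore default=die]",
}

def parse_control(text):
    """Map each PAM return name to its action (ok, bad, die, ignore)."""
    text = SHORTHAND.get(text, text)
    return dict(pair.split("=", 1) for pair in text.strip("[]").split())

def run_auth_stack(stack, results):
    """Return (modules_called, authenticated) for one login attempt."""
    called, failed, succeeded = [], False, False
    for control, module in stack:
        called.append(module)
        actions = parse_control(control)
        action = actions.get(results[module], actions["default"])
        if action == "die":      # fail now; later modules never run
            return called, False
        if action == "bad":      # record the failure, keep walking the stack
            failed = True
        elif action == "ok":
            succeeded = True
    return called, succeeded and not failed

def prompts_for_password(stack, results):
    # Assumption: pam_unix.so is the module that asks for the password.
    return "pam_unix.so" in run_auth_stack(stack, results)[0]

# Assumed, simplified stacks; not copied from debian/login.pam.
STRICT = [("requisite", "pam_securetty.so"), ("required", "pam_unix.so")]
LENIENT = [
    ("[success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]",
     "pam_securetty.so"),
    ("required", "pam_unix.so"),
]

# Constructed per-module results for three kinds of login attempt.
UNKNOWN_USER = {"pam_securetty.so": "user_unknown", "pam_unix.so": "user_unknown"}
WRONG_PASSWORD = {"pam_securetty.so": "success", "pam_unix.so": "auth_err"}
ROOT_INSECURE_TTY = {"pam_securetty.so": "auth_err", "pam_unix.so": "success"}

if __name__ == "__main__":
    for name, stack in (("strict", STRICT), ("lenient", LENIENT)):
        for label, res in (("unknown user", UNKNOWN_USER),
                           ("wrong password", WRONG_PASSWORD)):
            print(name, label, "prompt:", prompts_for_password(stack, res))
```

With the strict stack an unknown name is the only case rejected without a prompt, which is the difference the bug report describes; with the lenient stack unknown-user and wrong-password attempts both reach the prompt and both fail.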

