On Wed, Oct 17, 2012 at 03:07:19PM -0400, Andrew Schultz wrote: > and if you log all attempts to login, then they'll end up in the > logs. I'd suggest that not logging unknown users by default is a > much better solution than having a special log; no admin wants to > see passwords (even if they're root) and unknown usernames (either > typos or passwords) are rarely helpful. I don't think that's true. "You're typing the wrong username" happened to me on multiple occasions when I was doing that kind of support. Additionally, it maybe useful to log this information for intrusion detection and correlation. And, in general, authpriv exists as a mechanism for logging any sort of potentially private data. It would be a security regression to ignore that. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
