Steve Langasek wrote: > If your system log files are configured such that anyone (not just > trusted administrators) can read them, then of course this logging is a bad > thing. The solution here is to provide an easy mechanism for the system > administrator to enable or disable username logging as deemed appropriate, and > to arm said administrator with as much information as possible about the > consequences. Personally, I don't mind having the usernames logged by > default; but I also don't mind having this turned off. Unless someone > objects, I don't see any reason not to change the default. IIRC the pam_pwdb module had an 'audit' option to log this bit of data. Cheers Andrew
