[9364] in Athena Bugs
Re: vax 7.4C: /bin/login
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue May 26 23:55:30 1992
Date: Tue, 26 May 92 23:55:05 -0400
To: ckclark@MIT.EDU
Cc: bugs@MIT.EDU, testers@MIT.EDU
In-Reply-To: Calvin Clark's message of Tue, 26 May 92 21:48:13 -0400,
From: "Richard Basch" <basch@MIT.EDU>
Date: Tue, 26 May 92 21:48:13 -0400
From: Calvin Clark <ckclark@mit.edu>
Reply-To: ckclark@mit.edu
System name: oliver
Type and version: MVAX-II 7.4C
Display type: QVSS
What were you trying to do?
Log in to oliver, which is configured with /etc/noremote.
. . .
What should have happened:
It should not have prompted me for Jeff's password.
I would disagree; many people instinctively type username followed by
password, and if people are doing things quickly, the password may end
up on the screen if the user is not careful.
Also, according to the UNIX paradigm, the "login" program was designed
to always prompt for username and password, and then say "Login
incorrect" regardless of the type of error. Of course, if you have
finger enabled, you can always find out who has a local account.
Anyway, on the RISC/6000, you also have this behavior, but the only
information that is ever given away are the messages stored in the
/etc/no* files (and if no message exists, no information is divulged).
I do not think the traditional UNIX paradigm is a strong argument, but I
do argue about a user expecting the next line being the password prompt
and may start typing as soon as the screen changes (or before, depending
on whether they have been screwed or not in the past), without fully
interpreting the contents of the next line. I, for one, have occassionally
caught myself doing that.
-Richard
