> login> login alanp
> login: alanp: Unknown user
> login> login alan
> Password:
> 
> This isn't a good idea security-wise.  Instead of the 'User
> Unknown' error, it should just ask for the password and error
> out with an Invalid Password error.  The way it is set up now
> it could be used to guess login names, which is pretty much the
> reason that most ftpds ask for a password if there is no such
> username on the system anyways, now.

The -P (--paranoid) switch to login has this behavior.  Perhaps it would
make sense for login to always act as if -P were given when run by a user
with no uids.  (Ultimately most right might be for the default to act based
on the read permission on /etc/passwd.)
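
A sketch of the behaviour discussed in this thread, added here as an example and not taken from the Hurd login source. The `paranoid` parameter is modelled on -P; the account table, the decoy record, and the exact message strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def _record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)


# Constructed account table standing in for the password database.
ACCOUNTS = {"alan": _record("correct horse")}
# Decoy record verified for unknown names, so both paths prompt and hash.
DECOY = _record(os.urandom(16).hex())


def login(user: str, ask_password, paranoid: bool = True) -> str:
    """Return the message shown at the login prompt ("ok" on success)."""
    record = ACCOUNTS.get(user)
    if record is None and not paranoid:
        # Behaviour quoted in the thread: the name is rejected before any
        # password prompt, which tells the caller the name does not exist.
        return f"login: {user}: Unknown user"
    salt, stored = record if record is not None else DECOY
    supplied = _hash(ask_password(), salt)
    matches = hmac.compare_digest(supplied, stored)
    if record is not None and matches:
        return "ok"
    # One message for both an unknown name and a wrong password.
    return "login: Invalid password"
```
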
