On 06/16/2013 06:02 PM, Joshua D. Drake wrote:
> Instead of pushing extra info to the logs I decided that we could
> without giving away extra details per policy. I wrote the error message
> in a way that tells the most obvious problems, without admitting to any
> of them. Please see attached:
+1 for solving this with a bit of word-smithing.
However, the proposed wording doesn't sound like a full sentence to my
ears, because a password or username cannot fail per-se.
How about:
"password authentication failed or account expired for user \"%s\""
It's a bit longer, but sounds more like a full sentence, no?
Regards
Markus Wanner