[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: gdm Create User
- From: Simo Sorce <ssorce redhat com>
- To: fedora-devel-list redhat com
- Subject: Re: gdm Create User
- Date: Sat, 06 Oct 2007 18:18:23 -0400
On Sat, 2007-10-06 at 13:58 -0500, Douglas McClendon wrote:
> Whenever gdm receives an unknown username, *automatically* create
> that
> account as new, and log them in.
Normally you can't distinguish between 'Authentication Failed' or 'User
unknown' for security reasons. Leaking the information that a user
exists or not is considered bad. Your proposal would make it easy to
leak the information.
If you consider that GDM can be reached via a network using XDMCP, that
means that you may expos an automated way to discover valid usernames on
a box.
Simo.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]