gdm Create User
Simo Sorce
ssorce at redhat.com
Sat Oct 6 22:18:23 UTC 2007
On Sat, 2007-10-06 at 13:58 -0500, Douglas McClendon wrote:
> Whenever gdm receives an unknown username, *automatically* create
> that
> account as new, and log them in.
Normally you can't distinguish between 'Authentication Failed' or 'User
unknown' for security reasons. Leaking the information that a user
exists or not is considered bad. Your proposal would make it easy to
leak the information.
If you consider that GDM can be reached via a network using XDMCP, that
means that you may expos an automated way to discover valid usernames on
a box.
Simo.
More information about the fedora-devel-list
mailing list