[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gdm Create User

From: Simo Sorce <ssorce redhat com>
To: fedora-devel-list redhat com
Subject: Re: gdm Create User
Date: Sat, 06 Oct 2007 18:18:23 -0400

On Sat, 2007-10-06 at 13:58 -0500, Douglas McClendon wrote:
> Whenever gdm receives an unknown username, *automatically* create
> that 
> account as new, and log them in.

Normally you can't distinguish between 'Authentication Failed' or 'User
unknown' for security reasons. Leaking the information that a user
exists or not is considered bad. Your proposal would make it easy to
leak the information.

If you consider that GDM can be reached via a network using XDMCP, that
means that you may expos an automated way to discover valid usernames on
a box.

Simo.

Follow-Ups:
- Re: gdm Create User
  - From: Steve Grubb
- Re: gdm Create User
  - From: Lubomir Kundrak

References:
- gdm Create User
  - From: Richi Plana
- Re: gdm Create User
  - From: Douglas McClendon

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]