gdm Create User

Simo Sorce ssorce at redhat.com
Sat Oct 6 22:18:23 UTC 2007


On Sat, 2007-10-06 at 13:58 -0500, Douglas McClendon wrote:
> Whenever gdm receives an unknown username, *automatically* create
> that 
> account as new, and log them in.

Normally you can't distinguish between 'Authentication Failed' or 'User
unknown' for security reasons. Leaking the information that a user
exists or not is considered bad. Your proposal would make it easy to
leak the information.

If you consider that GDM can be reached via a network using XDMCP, that
means that you may expos an automated way to discover valid usernames on
a box.

Simo.




More information about the fedora-devel-list mailing list