On Sat, 2007-10-06 at 13:58 -0500, Douglas McClendon wrote: > Whenever gdm receives an unknown username, *automatically* create > that > account as new, and log them in. Normally you can't distinguish between 'Authentication Failed' or 'User unknown' for security reasons. Leaking the information that a user exists or not is considered bad. Your proposal would make it easy to leak the information. If you consider that GDM can be reached via a network using XDMCP, that means that you may expos an automated way to discover valid usernames on a box. Simo. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
