On Sun, Oct 07, 2007 at 07:42:23AM -0400, Steve Grubb wrote:
> > > Whenever gdm receives an unknown username, *automatically* create
> > > that account as new, and log them in.
> > If you consider that GDM can be reached via a network using XDMCP, that
> > means that you may expose an automated way to discover valid usernames on
> > a box.
> I completely agree here. From a security perspective, this is a bad idea.

GDM knows if it's running locally or via xdmcp, though. It could act
differently.

> There is also an audit trail that has certain requirements, too. We need to
> know the real user ID that is creating the account. (It's not root.) Root is a
> shared account and we need the loginuid of the person creating the account.
> So, they really do need to log in so that a proper session is set up and all
> the things we need for the audit trail are filled in.

And yes, the feature should certainly be easy to deactivate. It's
inappropriate for a wide variety of situations.

--
Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>