Re: gdm Create User

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Oct 07, 2007 at 07:42:23AM -0400, Steve Grubb wrote:
> > > Whenever gdm receives an unknown username, *automatically* create
> > > that account as new, and log them in.
> > If you consider that GDM can be reached via a network using XDMCP, that
> > means that you may expos an automated way to discover valid usernames on
> > a box.
> I completely agree here. From a security perspective, this is a bad idea. 

GDM knows if it's running locally or via xdmcp, though. It could act
differently.

> There is also an audit trail that has certain requirements, too. We need to 
> know the real user ID that is creating the account. (Its not root.) Root is a 
> shared account and we need the loginuid of the person creating the account. 
> So, they really do need to log in so that a proper session is setup and all 
> the things we need for the audit trail is filled in.

And yes, the feature should certainly be easy to deactivate. It's
inappropriate for a wide variety of situations.

-- 
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux