[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gdm Create User

From: Matthew Miller <mattdm mattdm org>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Cc: Simo Sorce <ssorce redhat com>
Subject: Re: gdm Create User
Date: Sun, 7 Oct 2007 08:06:22 -0400

On Sun, Oct 07, 2007 at 07:42:23AM -0400, Steve Grubb wrote:
> > > Whenever gdm receives an unknown username, *automatically* create
> > > that account as new, and log them in.
> > If you consider that GDM can be reached via a network using XDMCP, that
> > means that you may expos an automated way to discover valid usernames on
> > a box.
> I completely agree here. From a security perspective, this is a bad idea. 

GDM knows if it's running locally or via xdmcp, though. It could act
differently.

> There is also an audit trail that has certain requirements, too. We need to 
> know the real user ID that is creating the account. (Its not root.) Root is a 
> shared account and we need the loginuid of the person creating the account. 
> So, they really do need to log in so that a proper session is setup and all 
> the things we need for the audit trail is filled in.

And yes, the feature should certainly be easy to deactivate. It's
inappropriate for a wide variety of situations.

-- 
Matthew Miller           mattdm mattdm org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>

References:
- gdm Create User
  - From: Richi Plana
- Re: gdm Create User
  - From: Douglas McClendon
- Re: gdm Create User
  - From: Simo Sorce
- Re: gdm Create User
  - From: Steve Grubb

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]