Re: i18n problem in GDM
- From: "Ross Golder" <ross golder org>
- To: "George" <jirka 5z com>
- Cc: "Ross Golder" <ross golder org>,"Kjartan Maraas" <kmaraas broadpark no>, jirka 5z com,gnome-i18n gnome org
- Subject: Re: i18n problem in GDM
- Date: Wed, 10 Mar 2004 10:59:07 +0700 (ICT)
> On Tue, Mar 09, 2004 at 11:33:12AM +0700, Ross Golder wrote:
>> I'd second that. Nice gimmick, but apart from being i18n'ly broken, it
>> also slows down the login process noticably and unnecessarily. Probably
>> best defaulted off ;)
>
> It was added to make it compliant with some US govt code (and others
> probably, see http://bugzilla.gnome.org/show_bug.cgi?id=128940) not as a
> gimmick. It's a security measure to allow users to note the last time of
> their login before they actually log in. This is useful since logging in
> could run a malicious login script. In any case it makes it much easier
> to
> spot that someone else is using your account, and apparently such a
> feature
> seems to be required for at least the dod and likely others.
>
Hehe. I don't know whether to laugh or cry. I find it strange that I could
just walk up to a DOD computer, type in a login and it will confirm that
the account exists and when that person last logged on. I guess I'd still
have to have access to a DOD computer in the first place :)
If I logged into a non-graphical terminal (e.g. 'login' process), it would
only be _after_ I'd successfully authenticated myself as a legitimate user
before it said 'you last logged in on' and I was able to use commands like
'last' to determine who logged in and when.
Anyways, end of rant. I guess, being in the defence (sp - en_GB) business,
it's up to the DOD to decide on their own definition of security :)
> Also there is absolutely no slowdown because of this, if running 'last'
> slows
> down your system, something is horribly wrong with it. I suppose 'last'
> should be translated (I assumed it was actually), in this case we will
> have
> to add our own 'last' to gdm like we have say our own version of 'open'
> where we can.
>
Does the 'last' check run in a seperate thread, or does it block the
password entry? Under load 'last' can take around ten seconds on my
machine, and that's only for one months of logins on a single-user laptop.
I don't want to grow a beard waiting to be able to enter my password :)
Also, IMHO, it'd be better to handle the lookup within gdm, using wtmp
file directly and l10n'ing the output using gettext. Should make it even
quicker, and solve the i18n issue.
> But in any case, it is a security feature, not a gimmick, and one that is
> in
> fact required in some installations. We can turn it off by default for
> 2.6
> in the config file.
>
OK, sorry for calling it a gimmick. I didn't expect that it could be such
a serious <giggle>security feature</giggle>. Still, it's probably best to
turn it off by default and let security-conscious people (like the DOD)
turn it on if they really want/need it :)
Cheers,
--
Ross
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]