Re: gdm minor security issue...

[Martin Kasper Petersen <mkp socsci auc dk>]

>>>>> "B" == B  <bolen@hcs.harvard.edu> writes:

B> On the gdm login screen if you enter an invalid username (aka the
B> user doesn't exist on the machine) you can't tab to the password
B> field.  Thus a user could, in theory, probe for valid usernames on
B> a machine.

B> This is minor, but something that most systems try not to allow.

The next release of gdm (which will happen within the next couple of
days) will include gdmlogin, -- a greeter replacement for secure
environments. 

gdmlogin doesn't support face browsing and tab completion. However, it
provides a real PAM conversation function and does username
hiding. Several people requested this.

gdm will install with gdmlogin as default from now on. The old and
more featureful gdmgreeter will be provided for environments where
usernames can be exposed.

-- 
Martin Kasper Petersen			BOFH, IC1&2, Aalborg University, DK
mailto:mkp@SunSITE.auc.dk		http://www.socsci.auc.dk/~mkp/