Joerg Schilling wrote:
> Alan Coopersmith <Alan.Coopersmith at sun.com> wrote:
>
>> Joerg Schilling wrote:
>>> Giving any kind of information about known user names is considered a
>>> security
>>> risk since aprox. 35 years on UNIX.
>> Depends on site security policy - it's in the same area as deciding whether
>> or
>> not to allow fingerd to run to allow remote user name queries. It's not
>> always
>> bad or forbidden, just an option some sites will want and others will not.
>
> OK, you are right with fingerd, but the last time I did see a working fingerd
> on a worldwide base was in 1997 ;-)
Given this is the gui login, it's even more restricted than finger - by default,
only exposing the usernames to those with direct physical console access. If
sites optionally turn on remote gui login via XDMCP, most will have that
restricted to inside their firewall.
(The first time I saw a "face browser" login was around 1995 on SGI Irix
machines, so there is a long history of this on Unix systems.)
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
