Alan Coopersmith wrote:
> Joerg Schilling wrote:
> > Giving any kind of information about known user names is considered a
> > security
> > risk since aprox. 35 years on UNIX.
>
> Depends on site security policy - it's in the same area as deciding whether or
> not to allow fingerd to run to all
Joerg Schilling wrote:
> Alan Coopersmith wrote:
>
>> Joerg Schilling wrote:
>>> Giving any kind of information about known user names is considered a
>>> security
>>> risk since aprox. 35 years on UNIX.
>> Depends on site security policy - it's in the same area as deciding whether
>> or
>> no
Joerg Schilling wrote:
> Giving any kind of information about known user names is considered a
> security
> risk since aprox. 35 years on UNIX.
Depends on site security policy - it's in the same area as deciding whether or
not to allow fingerd to run to allow remote user name queries. It's not
Joerg Schilling schrieb:
> Brian Cameron wrote:
>
> nobody:x:60001:60001:NFS Anonymous Access User:/:
> noaccess:x:60002:60002:No Access User:/:
> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
Since these users do not have valid shells specified, these would not
>>
Brian Cameron wrote:
> >>> nobody:x:60001:60001:NFS Anonymous Access User:/:
> >>> noaccess:x:60002:60002:No Access User:/:
> >>> nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
> >>
> >> Since these users do not have valid shells specified, these would not
> >> be shown.
> >
> > A b
Bob Doolittle schrieb:
> Brian Cameron wrote:
>>> What about when NIS or LDAP is in use ? Do we really want GDM attempting
>>> to display 38,000+ accounts ?
>> As I explain above, this should not be an issue.
>
> In a server-based (e.g. thin client) desktop environment, the number of
> users who
>Correct. The way the code works is that it calls fgetpwent() and if
>/etc/passwd contains no value, then that account does not show up in the
>Face Browser. So, users would need to avoid using the shorthand if they
>want the user to show up in the GDM Face Browser.
>
>If that is inappropriate,
> - If the /var/cache/gdm/user-$uid/dmrc file does not exist, then
>GDM will log the user into the default session/language or whichever
>ones they selected in the GUI. Then it will save the dmrc file to
>the cache with the default settings. On next login, the defaults
>will be re
Brian Cameron wrote:
>
> Alan:
>
The reason I ask is because the GNOME users and groups tool gets this
wrong on Solaris. It correctly hides by default all those accounts with
a uid< 100 but it doesn't hide the other reserved system accounts:
nobody:x:60001:60001:NFS Anon
Darren:
>> Correct. The way the code works is that it calls fgetpwent() and if
>> /etc/passwd contains no value, then that account does not show up in the
>> Face Browser. So, users would need to avoid using the shorthand if they
>> want the user to show up in the GDM Face Browser.
>
> Which name
Frank:
>> The new GDM greeter only allows the specification of the background
>> image to be used with the new GDM. Unless the "gdm" user is configured
>> to use a different background image, it will use the same background
>> that is shown by default for a user session. So, without any extra
>>
Alan:
>>> The reason I ask is because the GNOME users and groups tool gets this
>>> wrong on Solaris. It correctly hides by default all those accounts with
>>> a uid< 100 but it doesn't hide the other reserved system accounts:
>>>
>>> nobody:x:60001:60001:NFS Anonymous Access User:/:
>>> noacces
Brian Cameron wrote:
>> What about when NIS or LDAP is in use ? Do we really want GDM attempting
>> to display 38,000+ accounts ?
> As I explain above, this should not be an issue.
In a server-based (e.g. thin client) desktop environment, the number of
users who have ever utilized a server could
Brian Cameron wrote:
>
> Darren:
>
> Thanks for your questions.
>
>> 3. Greeter themes
>>
>> What is the impact to the OpenSolaris branding given the new theme
>> restrictions ?
>
> The new GDM greeter only allows the specification of the background
> image to be used with the new GDM. Unless the
Brian Cameron wrote:
>> The reason I ask is because the GNOME users and groups tool gets this
>> wrong on Solaris. It correctly hides by default all those accounts with
>> a uid < 100 but it doesn't hide the other reserved system accounts:
>>
>> nobody:x:60001:60001:NFS Anonymous Access User:/:
>
15 matches
Mail list logo