[RESOLVED] Force login to ask for name rather than pick from list
[RESOLVED] Force login to ask for name rather than pick from list
Looks like I get to ring the opening bell on the security forum :-D
One of the "improvements" which the Gnome project made a while back was the "pick the user name from a list" login interface. I have always felt that presenting the username at a credential check was a security risk. After all it is giving away half of the credentials.
Here is some code I pocketed back when I reverted this "feature" on Ubuntu. I have tested it on CentOS 6 and it seems to work just fine.
To turn off the list and require the user to enter a name, open a teminal, become root and enter[code]gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type Boolean --set /apps/gdm/simple-greeter/disable_user_list True[/code]
To change back to the list, simply rerun the command with "False" as the last parameter.
Ken
Thanks to the [url=http://ubuntugenius.wordpress.com/2010/06/08/ubuntu-security-remove-the-user-list-menu-from-the-gdm-login-screen/]original poster[/url]
One of the "improvements" which the Gnome project made a while back was the "pick the user name from a list" login interface. I have always felt that presenting the username at a credential check was a security risk. After all it is giving away half of the credentials.
Here is some code I pocketed back when I reverted this "feature" on Ubuntu. I have tested it on CentOS 6 and it seems to work just fine.
To turn off the list and require the user to enter a name, open a teminal, become root and enter[code]gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type Boolean --set /apps/gdm/simple-greeter/disable_user_list True[/code]
To change back to the list, simply rerun the command with "False" as the last parameter.
Ken
Thanks to the [url=http://ubuntugenius.wordpress.com/2010/06/08/ubuntu-security-remove-the-user-list-menu-from-the-gdm-login-screen/]original poster[/url]
Re: Force login to ask for name rather than pick from list
Ah I think Alan filed a bug on that actually. It was another Gnome-ism? Fedora-ism? Both-ism? Apple-wannabe-ism?
Windows does this one right, which is a bit ironic. They will show the last user logged in, but that's it.
Windows does this one right, which is a bit ironic. They will show the last user logged in, but that's it.
Re: Force login to ask for name rather than pick from list
Windows NT, XP and I think 9x showed the last user (unless changed by policy which many corporate admins did). Windows Vista and 7, by default, show an icon for each user account at the login screen.
Ken
Ken
- AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
- Contact:
Re: Force login to ask for name rather than pick from list
Ah yes, that Fedora-esque security defect. Hmm, let me see, the upstream [url=https://bugzilla.redhat.com/show_bug.cgi?id=666220]bz666220[/url].
Fortunately [b]toracat[/b] came to the rescue with a [url=http://blog.toracat.org/2011/01/gnome-login-shows-all-valid-user-accounts-disable-it/]blog posting[/url].
Fortunately [b]toracat[/b] came to the rescue with a [url=http://blog.toracat.org/2011/01/gnome-login-shows-all-valid-user-accounts-disable-it/]blog posting[/url].
Re: Force login to ask for name rather than pick from list
Win7 might do it in home edition. Business edition, however, only shows the last user. (This may only take effect after one joins the domain, I'm not sure.).
Re: Force login to ask for name rather than pick from list
Thank you for posting this!!
I'm using CentOS at work and display of the last user is contrary to both best practices and policy!
I'm using CentOS at work and display of the last user is contrary to both best practices and policy!
- AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
- Contact:
Re: Force login to ask for name rather than pick from list
[quote]
display of the last user is contrary to both best practices and policy!
[/quote]
I agree entirely. But, apparently, that logic flew out of the window in [i]Fedora[/i]-land with the version that [i]Red Hat[/i] used to create the basis of [i]RHEL 6[/i].
[quote]
Thank you for posting this!!
[/quote]
I guess you really need to thank [b]toracat[/b] for writing up an appropriate fix. ;-)
By the way, as you are a new forum member, I'll say: [i]Welcome to the [/i]CentOS[i] fora.[/i]
display of the last user is contrary to both best practices and policy!
[/quote]
I agree entirely. But, apparently, that logic flew out of the window in [i]Fedora[/i]-land with the version that [i]Red Hat[/i] used to create the basis of [i]RHEL 6[/i].
[quote]
Thank you for posting this!!
[/quote]
I guess you really need to thank [b]toracat[/b] for writing up an appropriate fix. ;-)
By the way, as you are a new forum member, I'll say: [i]Welcome to the [/i]CentOS[i] fora.[/i]
Re: Force login to ask for name rather than pick from list
As we can change the login process to our liking - contrary to what Red Hat might think is correct - this thread could be marked solved, resolved or dead horse.
TIA,
Ken
TIA,
Ken
-
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
[RESOLVED] Force login to ask for name rather than pick from
Marking this thread [RESOLVED] for posterity.