[RESOLVED] Force login to ask for name rather than pick from list

Support for security such as Firewalls and securing linux
taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

[RESOLVED] Force login to ask for name rather than pick from list

Post by taylorkh » 2011/07/14 13:06:41

Looks like I get to ring the opening bell on the security forum :-D

One of the "improvements" which the Gnome project made a while back was the "pick the user name from a list" login interface. I have always felt that presenting the username at a credential check was a security risk. After all it is giving away half of the credentials.

Here is some code I pocketed back when I reverted this "feature" on Ubuntu. I have tested it on CentOS 6 and it seems to work just fine.

To turn off the list and require the user to enter a name, open a terminal, become root and enter
[code]gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type Boolean --set /apps/gdm/simple-greeter/disable_user_list True[/code]

To change back to the list, simply rerun the command with "False" as the last parameter.

Ken

Thanks to the [url=http://ubuntugenius.wordpress.com/2010/06/08/ubuntu-security-remove-the-user-list-menu-from-the-gdm-login-screen/]original poster[/url]
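
Added example, not part of the original post: a shell check for audits that confirms the mandatory setting written by the command above is actually in place. It assumes GConf's XML backend stores the key as an [code]<entry>[/code] in [code]apps/gdm/simple-greeter/%gconf.xml[/code] under the config source; the function name and the [code]GCONF_MANDATORY[/code] variable are made up for this example.

```shell
#!/bin/sh
# Audit check: is the GDM user list disabled by a mandatory GConf setting?
# Assumption (not from the original post): the XML backend keeps the key
# /apps/gdm/simple-greeter/disable_user_list as an <entry .../> element in
# <source>/apps/gdm/simple-greeter/%gconf.xml.

GCONF_MANDATORY="${GCONF_MANDATORY:-/etc/gconf/gconf.xml.mandatory}"

# user_list_state [source_dir]
# Prints "disabled", "enabled" or "unset".
# Returns 0 only when the user list is disabled, 1 when enabled, 2 when unset.
user_list_state() {
    src="${1:-$GCONF_MANDATORY}"
    file="$src/apps/gdm/simple-greeter/%gconf.xml"

    # No file means no mandatory value: the greeter falls back to its default.
    if [ ! -r "$file" ]; then
        echo unset
        return 2
    fi

    # Flatten the file, split it into one element per line, keep our entry.
    entry=$(tr '\n' ' ' < "$file" | tr '>' '\n' \
            | grep 'name="disable_user_list"' | head -n 1)

    # Pull the value attribute out of that element (empty if entry is missing).
    value=$(printf '%s\n' "$entry" \
            | sed -n 's/.*[[:space:]]value="\([^"]*\)".*/\1/p')

    case "$value" in
        true)  echo disabled; return 0 ;;
        false) echo enabled;  return 1 ;;
        *)     echo unset;    return 2 ;;
    esac
}

# Run the check against the system path when called with --check.
if [ "${1:-}" = "--check" ]; then
    user_list_state
fi
```

The non-zero return codes let a compliance script fail a host where the key is missing or has been set back to False.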

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: Force login to ask for name rather than pick from list

Post by scottro » 2011/07/14 14:21:59

Ah I think Alan filed a bug on that actually. It was another Gnome-ism? Fedora-ism? Both-ism? Apple-wannabe-ism?

Windows does this one right, which is a bit ironic. They will show the last user logged in, but that's it.

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Force login to ask for name rather than pick from list

Post by taylorkh » 2011/07/14 16:04:19

Windows NT, XP and I think 9x showed the last user (unless changed by policy which many corporate admins did). Windows Vista and 7, by default, show an icon for each user account at the login screen.

Ken

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: Force login to ask for name rather than pick from list

Post by AlanBartlett » 2011/07/15 00:27:45

Ah yes, that Fedora-esque security defect. Hmm, let me see, the upstream [url=https://bugzilla.redhat.com/show_bug.cgi?id=666220]bz666220[/url].

Fortunately [b]toracat[/b] came to the rescue with a [url=http://blog.toracat.org/2011/01/gnome-login-shows-all-valid-user-accounts-disable-it/]blog posting[/url].

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC

Re: Force login to ask for name rather than pick from list

Post by scottro » 2011/07/15 00:45:23

Win7 might do it in home edition. Business edition, however, only shows the last user. (This may only take effect after one joins the domain, I'm not sure.)

TimRice
Posts: 1
Joined: 2011/07/23 17:00:19

Re: Force login to ask for name rather than pick from list

Post by TimRice » 2011/07/23 17:05:37

Thank you for posting this!!
I'm using CentOS at work and display of the last user is contrary to both best practices and policy!

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

Re: Force login to ask for name rather than pick from list

Post by AlanBartlett » 2011/07/24 02:08:40

[quote]
display of the last user is contrary to both best practices and policy!
[/quote]
I agree entirely. But, apparently, that logic flew out of the window in [i]Fedora[/i]-land with the version that [i]Red Hat[/i] used to create the basis of [i]RHEL 6[/i].

[quote]
Thank you for posting this!!
[/quote]
I guess you really need to thank [b]toracat[/b] for writing up an appropriate fix. ;-)

By the way, as you are a new forum member, I'll say: [i]Welcome to the [/i]CentOS[i] fora.[/i]

taylorkh
Posts: 534
Joined: 2010/11/24 15:08:33
Location: North Carolina, USA

Re: Force login to ask for name rather than pick from list

Post by taylorkh » 2011/08/07 14:16:33

As we can change the login process to our liking - contrary to what Red Hat might think is correct - this thread could be marked solved, resolved or dead horse.

TIA,

Ken

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

[RESOLVED] Force login to ask for name rather than pick from

Post by pschaff » 2011/08/07 14:28:40

Marking this thread [RESOLVED] for posterity.
