Re: gdm thing

[mkp () SUNSITE AUC DK (Martin K. Petersen)]

> > > > > "Kermit" == Kermit the Frog <kermit () TOWER COM AR> writes:

Kermit> Hello! while trying this new soft to replace the ``old'' xdm,
Kermit> I found out that if a wrong passwd is supplied, gdm will
Kermit> answer with a ``incorrect password'' message. So I tried to
Kermit> log in as an inexistent user ... the result was "user
Kermit> unknown". The vulnerabilty seems trivial to me.

Kermit> The version tested was gdm-2.0beta4.

You can disable this by setting VerboseAuth=0 in the [Security]
section in gdm.conf.

See the GDM manual for details.

--
Martin Kasper Petersen                  BOFH, IC1&2, Aalborg University, DK
mailto:mkp () SunSITE auc dk            http://SunSITE.auc.dk/~mkp/