Bug 425552 - browser enabled by default
Status: RESOLVED OBSOLETE
Product: gdm
Classification: Core
Component: general
Version: 2.17.x
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: GDM maintainers
QA Contact: GDM maintainers
Duplicates: 539832
Depends on:
Blocks:
Reported: 2007-04-02 17:33 UTC by William Jon McCann
Modified: 2009-08-17 18:51 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description William Jon McCann 2007-04-02 17:33:30 UTC
I think it makes sense to enable a face browser by default.

If there are concerns about performance we should attempt to handle those in the code.

It is simple for sysadmins to disable this feature if they wish.  However, I think most people want and expect this type of functionality in a modern system.
Comment 1 Brian Cameron 2007-04-03 02:56:42 UTC
Hmmm.  There are several configuration options that always come up as "the default should be different."  This is one of them.

The problem is that for different types of users, different options make the most sense.  On multi-user systems where security is most important, the prudent security choice would be to disable all features that expose any information about the usernames on the machine.  Exposing this information does narrow down the work a hacker needs to do to crack passwords by brute force, for example.

The Face Browser is most useful in certain situations, such as for a home user
who shares their computer with a few other people who are often trusted (like
family members or roommates).  Also perhaps in some situations like a small
network with a few hundred users or less.  While this may be the most common
use case for GDM, it isn't the only use case.

In my opinion, it makes the most sense for GDM, out-of-the-box, to have the most secure defaults possible.  Obviously if a particular distro knows their customers are the sort of people who want a particular feature, they can change
the distro defaults (and most distros already do this, I believe).  I like that
distros make a conscious choice about changing defaults to less secure choices.
I think this is better than expecting distros to recognize what options they
need to tighten if they want tight security.

I don't think there are any serious performance issues with Browser.  However, if Browser=true by default, then people would probably say that IncludeAll probably also should be true by default, right?  Note that the Browser doesn't do anything if IncludeAll is false and Include contains no users.  This value
is false out-of-the-box.

If you are also suggesting IncludeAll=true by default, then this has some serious performance issues.  In networks where there are thousands of users all in a single NIS server, then GDM can literally take hours to try and scan through all users to display the Face Browser.  Not really very nice default behavior.  There are some GDM users who work in such environments (like everybody who works at Sun).  IncludeAll only makes sense on a network with
no more than a few hundred users, and makes the most sense when reading users
locally from /etc/passwd.

Another thing to consider is that if we change the default, this will cause some users to have a significantly different experience on upgrade.  Is this okay?  Will we get tons of bug reports from people saying "I didn't see a Face Browser before, and now I do after upgrade?"

Although I'm disagreeing with you, I'm happy to discuss further.  Especially if others chime in and the general consensus is it should change, I will go along with any reasonable change like this.
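Added example (not part of the bug thread and not GDM code): a small Python audit of a GDM 2.x configuration that applies the rule from Comment 1, that the face browser only lists users when Browser is true and either IncludeAll is true or Include names someone. The `[greeter]` section name, the empty default for Include and the sample file are assumptions.

```python
import configparser

# Constructed sample in GDM 2.x key-file style. The [greeter] section name
# and these values are assumptions, not taken from the thread.
SAMPLE_CUSTOM_CONF = """\
[daemon]

[greeter]
Browser=true
IncludeAll=false
Include=alice,bob
"""

# Out-of-the-box values as described in the thread: Browser and IncludeAll
# are false. An empty Include list is assumed.
DEFAULTS = {"Browser": "false", "IncludeAll": "false", "Include": ""}


def audit_face_browser(conf_text, section="greeter"):
    """Report whether a GDM config lists usernames on the login screen."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case as written (Browser, IncludeAll)
    parser.read_string(conf_text)

    values = dict(DEFAULTS)
    if parser.has_section(section):
        for key in DEFAULTS:
            if parser.has_option(section, key):
                values[key] = parser.get(section, key).strip()

    browser = values["Browser"].lower() == "true"
    include_all = values["IncludeAll"].lower() == "true"
    include = [u.strip() for u in values["Include"].split(",") if u.strip()]

    # Rule from Comment 1: Browser does nothing unless IncludeAll is true
    # or Include names at least one user.
    exposes = browser and (include_all or bool(include))
    findings = []
    if exposes:
        findings.append("usernames are shown before authentication")
    if browser and include_all:
        findings.append("IncludeAll=true scans every account; slow on large NIS domains")
    if browser and not exposes:
        findings.append("Browser=true but no users are selected; the list is empty")
    return {"exposes_usernames": exposes, "include_all": browser and include_all,
            "listed_users": include if browser else [], "findings": findings}
```

Run it against the merged view of the distro defaults and `custom.conf`, since a distro may already ship Browser=true in its default file.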
Comment 2 Brian Cameron 2007-04-10 05:01:06 UTC
downgrading to normal/major.  I don't really think this is a critical issue.
Comment 3 William Jon McCann 2007-04-10 12:11:35 UTC
Agreed, I have to admit I was a little confused when you changed this bug to critical.
Comment 4 Sebastien Bacher 2007-08-21 18:59:03 UTC
The issue with having Browser=false is that users will not understand why the themes with a users list don't work. They will open gdmsetup, select a theme, restart their session and file a bug about gdm being broken. Is there any issue to have the option set to true if the default theme is not one with a users list anyway? Otherwise gdmsetup or the graphical screen should make clear why no user is listed.
Comment 5 Brian Cameron 2007-08-21 19:29:40 UTC
That is a good point, and if people think changing the default value makes sense, then I am happy to do so.  I'd just like to get a consensus of opinions first.

The main reason it is not on by default is that turning on the face browser does reduce the security of GDM a bit by revealing usernames on the system.  So, making distros make a conscious choice to turn on this feature is a way to ensure that distros are comfortable with that additional security risk, even though it might be slight.

My philosophy has always been that defaults should be at the most secure level possible, which is why accessibility is also off by default.  Making configuration changes that reduce security should be conscious.

But, as I said, if people think that it just makes more sense to make it true by default, that can be changed.

Also a configuration option could be added so that the value could be specified at configure time.
Comment 6 Pacho Ramos 2007-11-24 10:46:07 UTC
I am also "suffering" this one: after upgrading to gnome and gdm 2.20 I get no userlist in my gdm. 

The problem is that, if I open gdmsetup and I choose show users, gdmsetup doesn't add "Browser=true" to /etc/X11/gdm/custom.conf. Is this a gdmsetup bug?

Thanks for information
Comment 7 Brian Cameron 2007-11-25 18:29:10 UTC
To make gdmlogin and gdmgreeter work more consistently, GDM was changed so that both greeters honor the Browser configuration option.  This is a feature, not a bug.

This caused some problems for users, like yourself, who were using the browser but had the Browser value set to false.  Most distros have updated their default configuration file so that true is the default.  However, depending on how you upgraded, you may not have gotten this change.

This bug is a discussion about whether the browser should be set to true by default.  This would be good since it would cause fewer problems for users in your situation.

However, turning on the face browser does expose information about your system, namely which users are on it.  Some people don't want GDM to show the face browser.  So, from a security perspective, it is more conservative to break things for users who previously were using it rather than for users who were not.  That's the thinking behind the choice that was made so far.

Comment 8 Pacho Ramos 2007-11-25 18:57:35 UTC
OK, thanks for info, the problem is that I thought that this behavior could be modified from gdmsetup (In "Users" tab, checking "Include all users from /etc/passwd"), but I likely misunderstand this option :-/. Maybe an option in gdmsetup for changing between "Browser=true" and "Browser=false" could help a bit (I can open a new bug report for this if you prefer).

About main discussion, I think that, as now some distributions do for reverting this new default choice, distributors that prefer more security level can also modify it to Browser=false or, simply, choose a default GDM theme without users list (like Mandriva chooses currently)

Thanks a lot
Comment 9 Brian Cameron 2007-11-26 22:47:18 UTC
You can turn on the browser in gdmsetup by selecting "Plain with Face Browser" or "Themed with Face Browser" in the "Style" combo-box on the "Local" or "Remote" tab.  This turns on the Browser=true.  If you select "Plain" or "Themed" then Browser will be false.

Is this more clear?  If you think there is a better way to configure this in gdmsetup, or if you want to add a patch to make this work more clearly, then please feel free to do so.

Perhaps the comment on the top of the "Users" tab should be more clear that you need to turn on the Face Browser in the "Local" and/or "Remote" tab?

Comment 10 Pacho Ramos 2007-11-27 14:48:36 UTC
Sorry, you are true, I was trying to change this in the wrong place :-/, changing "Style" to "Themed with face browser" works fine.

Maybe an option would be to only offer two options in "Style": themed and plain, and add an option saying something like: "Show users list" at the top of "Users" tab; this way, all other options under this tab would be disabled if this "show users list" option were unchecked.

But also current behavior is ok, maybe not as intuitive (for me at least), but it also works :-)

Thanks a lot and sorry for the inconvenience
Comment 11 Brian Cameron 2008-06-24 01:57:18 UTC
*** Bug 539832 has been marked as a duplicate of this bug. ***
Comment 12 ajmal 2008-06-24 09:20:38 UTC
As said, it isn't difficult to find the users on a Linux system. Just go to restore mode, and geeky commands like, I think, $users? or something else would definitely work. So avoiding the face browser isn't an option. In fact, the face browser helps improve the usability and look of GDM.
Comment 13 Tobias Mueller 2009-01-22 23:40:46 UTC
Hey Brian :)

You set this bug to NEEDINFO on 2007-04-03 asking for discussion. Are any open questions left?
As this bug is NEEDINFO for a pretty long time now, I'd like to have it either closed or reopened :)
Comment 14 Tobias Mueller 2009-08-17 18:51:13 UTC
It has been more than two years since this bug has been opened. I assume this issue is OBSOLETE. If not, I'd like anybody to reopen this bug report. Thanks in advance!