GNOME Bugzilla – Bug 155077
logins (via gdm, etc.) access the user's home directory before authenticating
Last modified: 2005-01-26 06:53:25 UTC
Please describe the problem: gdm tickles the user's home directories too soon which lowers the quality of protection when mounting from a multi-security flavored NFS server. Steps to reproduce: NFS server shares /export/home with sec flavors krb5:sys where krb5 is the Kerberos authentication flavor where sys is the typical UNIX authentication flavor User is prompted for their login name by gdm, gdm accesses the windowing preference file in the user's home directory. The problem is that the user has no credentials given that have not been prompted for their password at this point. Actual results: As a result the security flavor is lowered to sys. Expected results: If the access had waited for authentication by the security mechanism the mount would have been krb5 and subsequently more secure. Does this happen every time? Yes, when multi-sec NFS servers are used. Which is quite common in any transitioning environment. Other information: If the NFS server shared the user's home directory with krb5 only then gdm would fail, because there would be no fall-back to sys.
Is this problem still happening, Shawn. My understanding is we determined this is not a problem. Please close this bug if so.
This was a bug that was actually in our dtgreet/dtlogin applications. These applications have since been fixed by providing a system flag that can switch the windowing preference feature off.
Thanks Shawn.