-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rob wrote: > On Monday 04 August 2003 11:11, Ken Thompson wrote: > >>If security is in question, then simply configure mdkkdm to not show any >>user icons requiring the person logging in to know the username/password > > > Actually, I had a client a few years ago who was a bank, and some bank > examiners came in and dinged them because their NT 4 workstations displayed > the userid of the last successfully logged in user in the login dialog. We > had to do some kind of registry hack or download some freeware or something > to disable that behavior.
Well, you can actualyl do it with a domain group policy or similar in a Windows NT domain. You can even do it with a samba domain, but we had some issues with it (some policy settings affected some other applications). > Bank examiners (and these days, probably any other > security auditor) would flip their lids at the notion of a login manager that > not only displays the last logged in user, but every user in the system. > > On all of the pre-9.1 machines I've deployed in bank environments, I've turned > off kdm's "show users as little icons" option in KDE control center (on those > machines that need X running in the first place) but as I mentioned > previously, I wondered why that wasn't working in 9.1 and that's probably > slowed down our deployment a little as a result. It does work in 9.0, 9.1 etc etc etc (I have tested it on them all). All you need is: # cat /etc/security/msec/level.local allow_user_list (no) # And you won't get any user lists. We deploy settings via an rpm, so we have a whole bunch of files configured the way we want them, and this is one we do deploy, with our own settings. You can create them with draksec if you prefer a GUI. Now, Windows 2000 can deploy these kinds of settings via Active Directory as Group Policy Objects. After seeing the potential this has, I wondered what potential storing msec settings in ldap has. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/LocNrJK6UGDSBKcRAmLUAJ9sv2LD4HlWG/10XZbJ36NZ32m7xQCgjvpE GK7CX1BMgDH8S3DImxiX97A= =lnzM -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. ******************************************************************
