URL: https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus

sumit-bose commented:
> With the SIDs we already have a library thay pretty much anyone can call and 
> retrieve the SID for ID. But not for GUIDs.. CC @sbose-rh for another 
> opinion..

In general the GUIDs are even less informative than the SID, e.g. you cannot 
derive the domain form it, it is just a random strings created with some rules 
to try to avoid collisions. So I cannot see a leak here. Additionally I think 
there is only special protection on the LDAP side on the GUID attribute, e.g.  
ipaUniqueID can be read anonymously.

Only if the GUID is misused, e.g. as initial password, there would be an issue 
but imo not on our side. 

See the full comment at 
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to