Title: #21: IFP: expose user and group unique IDs through DBus
> With the SIDs we already have a library thay pretty much anyone can call and
> retrieve the SID for ID. But not for GUIDs.. CC @sbose-rh for another
In general the GUIDs are even less informative than the SID, e.g. you cannot
derive the domain form it, it is just a random strings created with some rules
to try to avoid collisions. So I cannot see a leak here. Additionally I think
there is only special protection on the LDAP side on the GUID attribute, e.g.
ipaUniqueID can be read anonymously.
Only if the GUID is misused, e.g. as initial password, there would be an issue
but imo not on our side.
See the full comment at
sssd-devel mailing list -- firstname.lastname@example.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org