Ive recently installed OpenSuse 11.2 and chose to install gnome with KDE4. Having done so i’m using kdm4 as the display mgr defined in /etc/sysconfig/display manager. However kdm4 reveals all the user names which I don’t really like. Ive tried others including console. After logging in manually ive typed startx gnome which fails. How do you continue to use kdm4 setting and omit the display of the user accounts.
Like most things in FOSS, this is configurable. In /usr/share/kde4/config/kdm/kdmrc we find:
# Enable user list (names along with images) in the greeter.
# Default is true
#UserList=false
However I’m not sure that this the working copy since it’s in /usr/share which is supposed to be read-mostly. There appears to be a program called /usr/bin/genkdmconf. It may even be tied into a YaST module. Feel free to search for a GUI configuration editor.
The reason I dont want the local user names displayed is if they are displayed that gives anyone wanting to hack into the box part of the equation ie the local user names. If the users already have access then there is a degree of trust implied. Just feel its poor practice to display the users on the console.
Thanks to those who replied. I did find out the last user login and the list of available users can be removed from display manager by going configure desktop, advanced, login manager under kde and unselect the option for displaying users and also unselect the last user that logged in. So there is no indications from the console as who the local users are…
you are, unfortunately, giving yourself a false sense of security by
removing those names from being easily seen by looking at the screen…
i mean, if you do not have 24/7 physical control of your machine it is
EASILY hacked with any Live CD…whether all the local user names are
visible or not…
right? try it…pretend you are a bad guy and boot from a live cd, as
root mount the hard drive and have a good look…you can see
everything there…except for those parts of the drive which is
encrypted…
Your very correct the loss of physical security of a host without other measures in place negates anything that’s done at the console or any file persmissions that are set within the box. The host is totally wide open if you have physical access without the owner taking added steps. For me displaying the user names on the console is a poor security practice. Thanks though for bringing this to light.
> I needed to salvage someone’s machine after they forgot the root
> password (occasional user), and I found the answer on these forums.
true enough, those two ways and many others make physical security
your first line of defense…
i don’t know what is second…probably encryption…but, if NSA gets
your hard disk they are gonna crack it…may take a few thousand
machine years, but they will just throw a few million cores at the task…