RHEL7 gdm lets users create new accounts?

Latest response

After an everything install, it appears that gdm has greeter screen offering anyone to create an account on the host. Not good for a NIS/NFS host. I tried the enterprise login, and it failed to log me in (though NIS was already bound to the correct domain, and the user could log in at an alternate text console). Worse, it appeared that it "remembered" the password I typed in. The next try to log in (clicking the "Enterprise Login" button) presented a screen auto-filled with the same user name and appearing to have a password (though dotted-out).

This seems like rather promiscuous behaviour from a display manager.

I installed/enabled kdm (disabled gdm.service), which immediately worked.

What am I missing regarding gnome gdm? Shouldn't it behave more conservatively in an enterprise distribution?