Remove list of users from the login screen of the GUI
In RHEL 6, when the server is up in run level 5, a list of users from /etc/passwd appears on the console. Building our first production boxes on RHEL 6, we were asked to remove this as the customer viewed it as a security issue for anyone with access to the VMWare console to be able to view all user accounts on the server.
I don't think this feature is needed and provides more of a risk to security than any benefits. This can be edited by going to opening /etc/gconf/gconf.xml.defaults/%gconf-tree.xml and change the boolean for disable_user_list from false to true. I'd like to see this removed in the RHEL 7.
Responses
Completely agree. It is a security concern to list all user accounts on the system.
While you can run that command to hide the user list, it has a nasty side effect in that it kills GDM smart-card login support. Thus, if you utilize smart cards for logging into the system, you can't disable the user list.