URL:
https://github.com/SSSD/sssd/pull/21
Title: #21: IFP: expose user and group unique IDs through DBus
sumit-bose commented:
"""
With the SIDs we already have a library thay pretty much anyone can
call and retrieve the SID for ID. But not for GUIDs.. CC @sbose-rh for another opinion..
In general the GUIDs are even less informative than the SID, e.g. you cannot derive the
domain form it, it is just a random strings created with some rules to try to avoid
collisions. So I cannot see a leak here. Additionally I think there is only special
protection on the LDAP side on the GUID attribute, e.g. ipaUniqueID can be read
anonymously.
Only if the GUID is misused, e.g. as initial password, there would be an issue but imo not
on our side.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/21#issuecomment-248285945