Gnome Screensaver

Dan Nicholson dbn.lists at gmail.com
Tue Jul 4 08:21:13 PDT 2006


On 7/3/06, Juerg Billeter <j at bitron.ch> wrote:
> On Mon, 2006-07-03 at 20:01 -0500, Randy McMurchy wrote:
> > Has anyone had any success trying to unlock the screen using the PAM
> > authentication scheme with Gnome Screensaver?
>
> Works for me with both, 2.14.2 and 2.15.3, and Linux-PAM 0.99.4.0,
> Shadow 4.0.15, and using MD5 shadowed passwords. Hm, I've just noticed
> that BLFS doesn't mention to setuid root unix_chkpwd of Linux-PAM,
> doesn't that mean that PAM doesn't work for non-root applications when
> using pam_unix? I'm pretty sure that gnome-screensaver can't work like
> that as there is no way to access /etc/shadow...
>
> BTW: xscreensaver works because xscreensaver itself is installed setuid
> root, iirc.

Randy, I picked up some things from Jürg's PAM setup when I was trying
to figure out pam_console. One of them was not overriding ${sbindir}
and setuid unix_chkpwd. I didn't know the reason for it then (but
figured he must have a good reason for it). Well, toggling the suid
bit of /sbin/unix_chkpwd allows me to unlock or not from the
screensaver, as Jürg says.

I'm working on a diff to the Linux-PAM page now for pam_console. Would
you like me to make changes for ${sbindir} and setuid unix_chkpwd, or
do you want to discuss it more?

pam_console also expects to find a binary in /sbin. It would have to
be moved as pam_tally is with ${sbindir}=/lib/security.

--
Dan



More information about the blfs-dev mailing list