ports/61237: xscreensaver-gnome usage of --without-pam inconsistent with gdm
Sean McNeil
sean at mcneil.com
Mon Jan 12 10:33:56 UTC 2004
>Number: 61237
>Category: ports
>Synopsis: xscreensaver-gnome usage of --without-pam inconsistent with gdm
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 12 02:30:16 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Sean McNeil
>Release: freebsd-current
>Organization:
Sean McNeil Consulting, Inc
>Environment:
FreeBSD server.mcneil.com 5.2-CURRENT FreeBSD 5.2-CURRENT #18: Mon Jan 12 00:15:07 PST 2004 root at server.mcneil.com:/usr/obj/usr/src/sys/AMD i386
>Description:
gdm and xscreensaver-gnome should be consistent in behavior. Currently, if an authentication mechanism other than passwd file is used via. PAM (such as NIS or LDAP), gdm will allow login properly. If xscreensaver-gnome is setup to lock the screen, that user will have no means of unlocking the screen as PAM is not enabled with xscreensaver-gnome. Further, there is no mechanism to compile xscreensaver-gnome with PAM support other than editing the Makefile to remove the --without-pam option.
>How-To-Repeat:
setup a system with NIS or LDAP support. Log into gdm with a user not in the /etc/passwd file but in NIS or LDAP. Setup xscreensaver to lock the screen. Lock the screen. Attempt to unlock the screen with users password (not root password).
>Fix:
Either
1) remove the --without-pam option from xscreensaver-gnome/Makefile and be consistent with gdm
2) use WITHOUT_PAM to selectively set the --without-pam option
3) use WITH_PAM to selectively remove the --without-pam option
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list