x11/gnome-screensaver-2.22.1 is not unlocking screen on entry
of correct password.
Joe Marcus Clarke
marcus at marcuscom.com
Mon Apr 7 06:45:12 UTC 2008
On Mon, 2008-04-07 at 16:36 +1000, Andrew Reilly wrote:
> On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> > On Sun, 2008-04-06 at 23:07 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > > >>>>> Joe Marcus Clarke writes:
> > > Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla आशीष शुक्ल wrote:
> > > >> Hi,
> > > >>
> > > >> Whenever I try to unlock my screen, locked using gnome-screensaver, it
> > > >> doesn't accept my password, rejects with "Incorrect password". I'm
> > > >> running x11/gnome-screensaver-2.22.1 . Any ideas what is causing this ?
> > > >> And BtW, I've compiled gnome-screensaver-2.22.1 with PAM support.
> > > >>
> > > >> During password verification, there is some non-uniform delay
> > > >> (sometime more, sometimes less) .
> > > >>
> > > >> Is there anyone else experiencing this issue, hmm...?
> > >
> > > Joe> This is typically the case when one builds gnome-screensaver with PAM
> > > Joe> support, but they are currently using a PAM module which requires the
> > > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to
> > > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > > Joe> module which does not require root privileges.
> > >
> > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but
> > > also thats of no use. Any ideas, why is that not working inspite of
> > > /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
> >
> > PAM and gnome-screensaver do not work together if you are using
> > pam_unix. Rebuild gnome-screensaver without PAM support, and it will
> > instead read /etc/master.passwd directly to authenticate the user. That
> > will work.
>
> So, is there a scenario where PAM and gnome-screensaver *do*
> work? If not, then why is PAM an option?
If you're using a PAM module which doesn't require root privileges (e.g.
pam_ldap) then PAM support should work.
>
> I admit that I don't fully understand PAM, but have noticed
> that there's a whole bunch of PAM stuff in recent FreeBSD
> configurations, even at the non-ports level, so I have it in
> gnome-screensaver, too. I thought that was just how it was
> supposed to be done.
>
> Therefore, whenever I mistakenly allow the screen to be locked,
> I have to log-in from another machine and kill the screen
> saver...
>
> My FreeBSD system is physically secure, so I don't have it
> lock automatically when the screen saver comes on, so this
> only happens when I mis-mouse in the GNOME System menu. So it
> hasn't bothered me enough to really try debugging it, up to now.
> (Although I did try to remove the "lock screen" menu item, but
> the menu-editing facility did not facilitate that...)
I filed a bug against gnome-screensaver a long time ago (see
http://bugzilla.gnome.org/show_bug.cgi?id=370847). I don't see this bug
ever being fixed in gnome-screensaver, though. If anyone wants to work
on a setuid wrapper which can handle the PAM dialog, I would be happy to
integrate it into our port. There already exists support in
gnome-screensaver to handle such a wrapper, but since the non-PAM
(default) configuration works for me, I haven't been bothered enough to
implement this myself.
Joe
--
PGP Key : http://www.marcuscom.com/pgp.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20080407/f1fffbfe/attachment.pgp
More information about the freebsd-ports
mailing list