Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 7 Apr 2008 17:07:44 +1000
From:      Andrew Reilly <areilly@bigpond.net.au>
To:        Joe Marcus Clarke <marcus@marcuscom.com>
Cc:        gnome@freebsd.org, FreeBSD Ports Mailing List <ports@freebsd.org>, Ashish Shukla =?utf-8?B?4KSG4KS24KWA4KS3IOCktuClgeCkleCljeCksg==?= <wahjava@gmail.com>, Ashish Shukla =?utf-8?B?4KSG4KS24KWA4KS3IOCktuClgeCkleCljeCksg==?= <wahjava.ml@gmail.com>
Subject:   Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password.
Message-ID:  <20080407070744.GA27115@duncan.reilly.home>
In-Reply-To: <20080407063651.GB97699@duncan.reilly.home>
References:  <87d4p3xome.fsf@chateau.d.lf> <1207495285.21780.1.camel@shumai.marcuscom.com> <87y77qg9zd.fsf@chateau.d.lf> <1207504273.22879.4.camel@shumai.marcuscom.com> <20080407063651.GB97699@duncan.reilly.home>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Apr 07, 2008 at 04:36:51PM +1000, Andrew Reilly wrote:
> On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote:
> > >     Joe> This is typically the case when one builds gnome-screensaver with PAM
> > >     Joe> support, but they are currently using a PAM module which requires the
> > >     Joe> executable be setuid root (e.g. pam_unix).  The only workaround is to
> > >     Joe> rebuild gnome-screensaver without PAM support, or use a different PAM
> > >     Joe> module which does not require root privileges.
> > > 
> > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but
> > > also thats of no use. Any ideas, why is that not working inspite of
> > > /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...?
> > 
> > PAM and gnome-screensaver do not work together if you are using
> > pam_unix.  Rebuild gnome-screensaver without PAM support, and it will
> > instead read /etc/master.passwd directly to authenticate the user.  That
> > will work.

Just to add a bit more noise to this discussion: I've just re-configured
gnome-screensaver to not use PAM, and re-installed.  When doing so, I
discovered that this installs gnome-screensaver-dialog, which is setuid
root.  Clearly, that's necessary in order to look at master.passwd
directly.  Isn't the same setuid-root done when PAM is involved?

Cheers,

-- 
Andrew

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080407070744.GA27115>