Date: Mon, 7 Apr 2008 17:07:44 +1000 From: Andrew Reilly <areilly@bigpond.net.au> To: Joe Marcus Clarke <marcus@marcuscom.com> Cc: gnome@freebsd.org, FreeBSD Ports Mailing List <ports@freebsd.org>, Ashish Shukla =?utf-8?B?4KSG4KS24KWA4KS3IOCktuClgeCkleCljeCksg==?= <wahjava@gmail.com>, Ashish Shukla =?utf-8?B?4KSG4KS24KWA4KS3IOCktuClgeCkleCljeCksg==?= <wahjava.ml@gmail.com> Subject: Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password. Message-ID: <20080407070744.GA27115@duncan.reilly.home> In-Reply-To: <20080407063651.GB97699@duncan.reilly.home> References: <87d4p3xome.fsf@chateau.d.lf> <1207495285.21780.1.camel@shumai.marcuscom.com> <87y77qg9zd.fsf@chateau.d.lf> <1207504273.22879.4.camel@shumai.marcuscom.com> <20080407063651.GB97699@duncan.reilly.home>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Apr 07, 2008 at 04:36:51PM +1000, Andrew Reilly wrote: > On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote: > > > Joe> This is typically the case when one builds gnome-screensaver with PAM > > > Joe> support, but they are currently using a PAM module which requires the > > > Joe> executable be setuid root (e.g. pam_unix). The only workaround is to > > > Joe> rebuild gnome-screensaver without PAM support, or use a different PAM > > > Joe> module which does not require root privileges. > > > > > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but > > > also thats of no use. Any ideas, why is that not working inspite of > > > /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...? > > > > PAM and gnome-screensaver do not work together if you are using > > pam_unix. Rebuild gnome-screensaver without PAM support, and it will > > instead read /etc/master.passwd directly to authenticate the user. That > > will work. Just to add a bit more noise to this discussion: I've just re-configured gnome-screensaver to not use PAM, and re-installed. When doing so, I discovered that this installs gnome-screensaver-dialog, which is setuid root. Clearly, that's necessary in order to look at master.passwd directly. Isn't the same setuid-root done when PAM is involved? Cheers, -- Andrew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080407070744.GA27115>