Re: xlock

[Behan Webster <behanw@verisim.com>]

Martin Schulze wrote:
> 
> Behan Webster writes:
> > I have xlockmore installed on my system here with shadow turned on.
> > I know it's supposed to work (because other machines on our localnet
> > are configured seemingly exactly the same and xlock works there).
> >
> > griffon:~> ls -l /etc/passwd /etc/shadow /usr/bin/X11/xlock
> > -rw-r--r--   1 root     root         1220 Sep 29 09:32 /etc/passwd
> > -rw-r-----   1 root     shadow        797 Oct  2 09:37 /etc/shadow
> > -rwxr-sr-x   1 root     shadow     463376 May 31 21:27
> > /usr/bin/X11/xlock*
> > griffon:~> xlock
> > xlock: it looks like you have shadow passwording.
> > Contact your administrator.
> > griffon:~>
> >
> > What's wrong?  What am I missing?  Am I going insane?
> 
> Try a "shadowconfig off" and then "shadowconfig on" afterwards.  Maybe
> the package is slightly confused?

No, shadow was definitely on and functioning fine.  It is xlock itself
who can't read the password despite being setgid shadow.

The problem (which I finally figured out) is that the passwords are
being served by nis.  I have nis setup to mangle passwords for non
root users, and since xlock doesn't run as root, there is no way for
it to read the password from nis.  (nis mangles the password by
returning an "x" for the password field).

The are only 2 ways of fixing the problem as far as I can tell.
1) don't have nis mangle the passwords.
2) set xlock to be setuid root.

I've opted for the second solution.

I've filed a bug report against the xlockmore package stating exactly
the above, but I'm not sure what can be done.  Perhaps the postinst
can ask if nis is mangling passords, and if so, do you want xlock
to be setuid root.

Thanks anyways,

Behan

-- 
Behan Webster     mailto:behanw@verisim.com
+1-613-224-7547   http://www.verisim.com/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .