Bug#737396: kscreensaver: locked screen allows any password if a third session (vt9) is also active
Hi Jim,
thanks for careing...
i have testing-unstable installed, almost always up to date.
The bug is still there. Please find the anwers to your questions below.
If you need more info, just drop a mail.
Thanks and regards.
Lajos
Am Sonntag, 25. Mai 2014, 08:32:18 schrieben Sie:
> tags 737396 + moreinfo
> stop
>
> Hi Lajos,
>
> I have been unable to reproduce this bug with the current versions of
> kscreensaver in wheezy (4:4.8.4-5) and jessie (4:4.12.4-1).
>
apt-cache policy kscreensaver
kscreensaver:
Installiert: 4:4.12.4-1
Installationskandidat: 4:4.12.4-1
Versionstabelle:
*** 4:4.12.4-1 0
500 http://ftp.de.debian.org/debian/ testing/main amd64 Packages
500 http://ftp.de.debian.org/debian/ unstable/main amd64 Packages
100 /var/lib/dpkg/status
4:4.8.4-5 0
500 http://ftp.de.debian.org/debian/ wheezy/main amd64 Packages
> Please could you advise the following to help reproduce the problem:
>
> * Are all of VT sessions logged in as different users?
Yes
> * Are there any errors in /var/log/auth.log ?
Yes, but only for the second and third sessions (if trying with a wrong
password). The first session did not log any error.
> * Are there any errors in ~/.xsession-errors ?
Any? Well sort of. It's 18 MB long. After deleting it and switching to the
first session (w/o pass), no errors are written.
> * What authentication type is PAM using (e.g. shadow, ldap, krb5) ?
How do I know it?
> * What is the result of the following command on the different VTs
> with an invalid password:
> /usr/lib/kde4/libexec/kcheckpass; echo $?
Trying to log in on the standard terminals. Even there, the user who is logged
in on the first K-VT, get's logged in without a pass.
For this user the command above gives 0, for the others "authentication
failure 1".
>
>
> Thanks
Reply to: