>>>>> "Martin" == Martin Povolny <xpovolny@aurora.fi.muni.cz> writes: Martin> Ok, so for now there's probably only the quick, dirty and Martin> bad solution: Is that really a bad solution? xlock is designed to be able to be setuid. It's not ideal, but I wouldn't call it bad. You could also make /etc/krb5.keytab readable by a group that xlock was setgid to.