Bug#737396: kscreensaver: locked screen allows any password if a third session (vt9) is also active

[Lajos Mester <l.mester@gmx.de>]

Am Donnerstag, 29. Mai 2014, 21:47:29 schrieben Sie:
> On Tue, May 27, 2014 at 06:50:01PM +0200, Lajos Mester wrote:
> > > * What authentication type is PAM using (e.g. shadow, ldap, krb5) ?
> > 
> > How do I know it?
> 
> Unless you have changed it, the default should be shadow. Documentation
> for PAM is available at http://www.linux-pam.org/
Did not change it.

> 
> > > * What is the result of the following command on the different VTs
> > > 
> > >   with an invalid password:
> > >   /usr/lib/kde4/libexec/kcheckpass; echo $?
> > 
> > Trying to log in on the standard terminals. Even there, the user who is
> > logged in on the first K-VT, get's logged in without a pass.
> > 
> > For this user the command above gives 0, for the others "authentication
> > failure 1".
> 
> This looks like the authentication is actually passing. Could you try
> installing pamtester (which is availale for jessie/sid) and run the
> following command and provide the results:
> 
> pamtester -v login <username> authenticate
for the user logged on the first VT:

pamtester: invoking pam_start(login, <the login>, ...)                                                                     
pamtester: performing operation - authenticate                                                                       
Password:                                                                                                            
pamtester: Authentication failure  

-- with or without a password, even with the correct one. Other users get:
pamtester: successfully authenticated


> 
> 
> --
> 
> Jim Scadden