On Wed, Apr 23, 2008 at 01:13:46PM -0400, Hubert Chathi wrote: > On Wed, 23 Apr 2008 18:01:12 +1000 Alex Samad <alex@samad.com.au> wrote: > > > This is an error I was getting on xscreensaver that i noticed was > > being caused by pam. > > This is probably bugs #295526, #309037, #362954, #440955, (have I > missed any?). > > From #295526, it looks like the pam_unix2 maintainer agrees to the > unix2_chkpwd helper binary, but has requested help. So it would be > nice if someone could give him a hand. yep exactly. just for closure on the mailing list. The problem is that pam_unix2 when called from xscreensaver doesn't have the right privileges to access /etc/shadow. pam_unix uses a binary helper which has setuid to root. Seems like Suse used to use this as well, but it is not in the debian tree. 295526 discusses the merits of adding in unix2_chkpwd, but there is some concern about opening up a security hole. My solution is to change /etc/pam.d/xscreensaver to use pam_unix, all my users are in ldap (except for root). I will see if I can help with 295526 Thanks > > -- > Hubert Chathi <uhoreg@debian.org> -- Jabber: hubert@uhoreg.ca > PGP/GnuPG key: 1024D/124B61FA http://www.uhoreg.ca/ > Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA > > -- "It's going to require numerous IRA agents." - George W. Bush 10/10/2000 Greensboro, NC On Gore's tax plan
Attachment:
signature.asc
Description: Digital signature