[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pam_unix2 and xscreensaver password to restrictive



On Wed, Apr 23, 2008 at 01:13:46PM -0400, Hubert Chathi wrote:
> On Wed, 23 Apr 2008 18:01:12 +1000 Alex Samad <alex@samad.com.au> wrote:
> 
> > This is an error I was getting on xscreensaver that i noticed was
> > being caused by pam.
> 
> This is probably bugs #295526, #309037, #362954, #440955, (have I
> missed any?).
> 
> From #295526, it looks like the pam_unix2 maintainer agrees to the
> unix2_chkpwd helper binary, but has requested help.  So it would be
> nice if someone could give him a hand.

yep exactly.

just for closure on the mailing list.

The problem is that pam_unix2 when called from xscreensaver doesn't have
the right privileges to access /etc/shadow.  pam_unix uses a binary
helper which has setuid to root.

Seems like Suse used to use this as well, but it is not in the debian
tree.  295526 discusses the merits of adding in unix2_chkpwd, but there 
is some concern about opening up a security hole.

My solution is to change /etc/pam.d/xscreensaver to use pam_unix, all my
users are in ldap (except for root).

I will see if I can help with 295526

Thanks

> 
> -- 
> Hubert Chathi <uhoreg@debian.org> -- Jabber: hubert@uhoreg.ca
> PGP/GnuPG key: 1024D/124B61FA         http://www.uhoreg.ca/
> Fingerprint: 96C5 012F 5F74 A5F7 1FF7  5291 AF29 C719 124B 61FA
> 
> 

-- 
"It's going to require numerous IRA agents."

	- George W. Bush
10/10/2000
Greensboro, NC
On Gore's tax plan

Attachment: signature.asc
Description: Digital signature


Reply to: