Subject: Re: "BSD Authentication"
To: Todd Vierling <tv@pobox.com>
From: None <seebs@plethora.net>
List: current-users
Date: 11/23/1998 19:29:30
In message <Pine.NEB.4.05.9811231835000.26398-100000@duhnet.net>, Todd Vierling writes:
>I definitely consider getting root's crypted password compromising the
>integrity of the system.  _No_ process without root privileges should be
>able to get that.  A BSD-Auth external program doesn't count; how does it
>verify securely that the process requesting root's pw should be allowed to
>get it?

It doesn't give the process root's password.  It says "authenticate root",
or it doesn't say "authenticate root".  Now, you could write a password
cracker which sits on top of this, but it's not significantly more
effective than, say, typing 'su' constantly.  :)

I'm not sure screen savers should take the root password - but if a box has
a hung network, and someone managed to lock the console, there's a case to
be made. 

-s