pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg/46271: x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen

On Fri, 30 Mar 2012, Matthias Drochner wrote:

Can you try again without pwauth_suid? Without the "bad-pam" option
just added, the program will give up the privileges gained by
the suid bit before the actual authentication. This works for
some PAM implemtations, but not for NetBSD's (unless pwauth_suid
is used).

I've rebuilt w/o pwauth_suid on a -current/amd64 system and it does

Initially, I neglected to re-comment the reference to
in the pam.d/xlock file so upon unlocking, the following messages were

  Access control list restored.
  xlock: caught signal 10 while running <modename> mode (uid <UID>)

When I re-commented the reference it unlocks without
any complaint.

As I was writing the above, my 6.0_BETA/i386 system finished installing
xlockmore.  With the "" library nonexistent, but
with it's line still in the pam.d/xlock file, authentication fails
(as I think it should).  With the line commented out, authentication

That it succeeds anyway on amd64 may be an issue for investigation.

Prior to this, while using the, I did turn off xlock's
suid bit and it unlocked OK.  I think I like this option.

Maybe provide another option "pam-pwauth-suid"?  This option would
imply pam, omit "--bad-pam" configure arg, and pull in
security/pam-pwauth_suid as a dependency?  (can modes be selectively
enabled/disabled?  install xlock as non-suid with pam-pwauth-suid?)

|/"\ John D. Baker, KN5UKS               NetBSD     Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com    OpenBSD            FreeBSD
| X  No HTML/proprietary data in email.   BSD just sits there and works!
|/ \ GPGkeyID:  D703 4A7E 479F 63F8 D3F4  BD99 9572 8F23 E4AD 1645

Home | Main Index | Thread Index | Old Index