[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: pkg/46271: x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen
On Fri, 30 Mar 2012, Matthias Drochner wrote:
Can you try again without pwauth_suid? Without the "bad-pam" option
just added, the program will give up the privileges gained by
the suid bit before the actual authentication. This works for
some PAM implemtations, but not for NetBSD's (unless pwauth_suid
I've rebuilt w/o pwauth_suid on a -current/amd64 system and it does
Initially, I neglected to re-comment the reference to pam_pwauth_suid.so
in the pam.d/xlock file so upon unlocking, the following messages were
Access control list restored.
xlock: caught signal 10 while running <modename> mode (uid <UID>)
When I re-commented the pam_pwauth_suid.so reference it unlocks without
As I was writing the above, my 6.0_BETA/i386 system finished installing
xlockmore. With the "pam_pwauth_suid.so" library nonexistent, but
with it's line still in the pam.d/xlock file, authentication fails
(as I think it should). With the line commented out, authentication
That it succeeds anyway on amd64 may be an issue for investigation.
Prior to this, while using the pam_pwauth_suid.so, I did turn off xlock's
suid bit and it unlocked OK. I think I like this option.
Maybe provide another option "pam-pwauth-suid"? This option would
imply pam, omit "--bad-pam" configure arg, and pull in
security/pam-pwauth_suid as a dependency? (can modes be selectively
enabled/disabled? install xlock as non-suid with pam-pwauth-suid?)
|/"\ John D. Baker, KN5UKS NetBSD Darwin/MacOS X
|\ / jdbaker[snail]mylinuxisp[flyspeck]com OpenBSD FreeBSD
| X No HTML/proprietary data in email. BSD just sits there and works!
|/ \ GPGkeyID: D703 4A7E 479F 63F8 D3F4 BD99 9572 8F23 E4AD 1645
Main Index |
Thread Index |