Subject: Re: BSD Authentication
To: Dr R.S. Brooks <R.S.Brooks@liverpool.ac.uk>
From: Paul Ripke <stix@stix.homeunix.net>
List: current-users
Date: 09/09/2003 21:53:11
On Tuesday, Sep 9, 2003, at 19:57 Australia/Sydney, Dr R.S. Brooks wrote:

> On Mon, 8 Sep 2003, Peter Seebach wrote:
>
>> In message <200309081948.h88JmDq19088@srapc342.sra.co.jp>, Noriyuki Soda writes:
>>>>>>>> On Mon, 08 Sep 2003 14:32:35 -0500,
>>> 	seebs@plethora.net (Peter Seebach) said:
>>>> But then, in the cases where it's really the authentication client that
>>>> needs to be eaccessible to the PAM module, this *won't work*.
>>
>>> Hmm, I cannot understand this sentence.
>>> What do you mean here?
>>
>> I cannot see what is magic about screensavers.
>
> Screensavers ONLY validate the password of the user who started them.
> Everything else I can think of which validates passwords does it as a
> prelude to becoming another user (usually root -> non-root), and as a
> result acquiring all that user's rights (and dropping all the rights
> of the previous user).

Bzzt. Don't forget `xlock -allowroot' and equivalent - mandatory in any
shared environment. Don't know how many times it's got me out of trouble.

OK, it doesn't involve a privilege switch to another user, but...

Cheers,
--
Paul Ripke
Unix/OpenVMS/TSM/DBA
I love deadlines. I like the whooshing sound they make as they fly by.
-- Douglas Adams