pam(8) woes: x11/i3lock accept any (or no) password

To: netbsd-users%netbsd.org@localhost
Subject: pam(8) woes: x11/i3lock accept any (or no) password
From: Pouya Tafti <pouya+lists.netbsd%nohup.io@localhost>
Date: Sat, 6 Nov 2021 19:40:28 +0100

[not a pam(8) expert]

pkgsrc's x11/i3lock is an X11 screen lock that uses pam(8) for
authentication and comes with a sample /etc/pam.d config that simply
includes /etc/pam.d/login.

On this particular system, out of the box:

$ uname -r -m
9.2_STABLE amd64

$ cat /etc/pam.d/login | grep auth
# auth
auth            sufficient      pam_self.so             no_warn
auth            required        pam_nologin.so          no_warn
auth            include         system

The first line seems to indicate that login, and thus also i3lock--when
run as the same user it needs to authenticate--would actually not
require any authentication, and indeed what happens is that i3lock is
happy to unlock the screen with any supplied password.

This obviously seems wrong, so I tried using /etc/pam.d/other or
/etc/pam.d/system instead, to have it authenticate using pam_unix.so
(or to use the latter directly).  But now I can't get it to accept
*any* password anymore, including the correct one.

Am I missing something obvious or is something not quite right here?

Thanks,
Pouya

Follow-Ups:
- Re: pam(8) woes: x11/i3lock accept any (or no) password
  - From: RVP

Prev by Date: Portable power supplies/jumpers with USB
Next by Date: Re: pam(8) woes: x11/i3lock accept any (or no) password
Previous by Thread: Portable power supplies/jumpers with USB
Next by Thread: Re: pam(8) woes: x11/i3lock accept any (or no) password
Indexes:

Home | Main Index | Thread Index | Old Index