From owner-freebsd-gnome@FreeBSD.ORG Mon Apr 7 06:45:12 2008 Return-Path: Delivered-To: gnome@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 70E70106564A; Mon, 7 Apr 2008 06:45:12 +0000 (UTC) (envelope-from marcus@marcuscom.com) Received: from creme-brulee.marcuscom.com (marcuscom-pt.tunnel.tserv1.fmt.ipv6.he.net [IPv6:2001:470:1f00:ffff::1279]) by mx1.freebsd.org (Postfix) with ESMTP id 11AB58FC14; Mon, 7 Apr 2008 06:45:11 +0000 (UTC) (envelope-from marcus@marcuscom.com) Received: from [IPv6:2001:470:1f00:2464::4] (shumai.marcuscom.com [IPv6:2001:470:1f00:2464::4]) by creme-brulee.marcuscom.com (8.14.2/8.14.2) with ESMTP id m376jX8b002092; Mon, 7 Apr 2008 02:45:33 -0400 (EDT) (envelope-from marcus@marcuscom.com) From: Joe Marcus Clarke To: Andrew Reilly In-Reply-To: <20080407063651.GB97699@duncan.reilly.home> References: <87d4p3xome.fsf@chateau.d.lf> <1207495285.21780.1.camel@shumai.marcuscom.com> <87y77qg9zd.fsf@chateau.d.lf> <1207504273.22879.4.camel@shumai.marcuscom.com> <20080407063651.GB97699@duncan.reilly.home> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-mFEf3nKWShSLCnf7RWg6" Organization: MarcusCom, Inc. Date: Mon, 07 Apr 2008 02:45:17 -0400 Message-Id: <1207550717.22879.33.camel@shumai.marcuscom.com> Mime-Version: 1.0 X-Mailer: Evolution 2.22.0 FreeBSD GNOME Team Port X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,NO_RELAYS autolearn=ham version=3.2.4 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on creme-brulee.marcuscom.com Cc: gnome@freebsd.org, FreeBSD Ports Mailing List , Ashish Shukla =?UTF-8?Q?=E0=A4=86=E0=A4=B6=E0=A5=80=E0=A4=B7_?= =?UTF-8?Q?=E0=A4=B6=E0=A5=81=E0=A4=95=E0=A5=8D=E0=A4=B2?= , Ashish Shukla =?UTF-8?Q?=E0=A4=86=E0=A4=B6=E0=A5=80=E0=A4=B7_?= =?UTF-8?Q?=E0=A4=B6=E0=A5=81=E0=A4=95=E0=A5=8D=E0=A4=B2?= Subject: Re: x11/gnome-screensaver-2.22.1 is not unlocking screen on entry of correct password. X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Apr 2008 06:45:12 -0000 --=-mFEf3nKWShSLCnf7RWg6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, 2008-04-07 at 16:36 +1000, Andrew Reilly wrote: > On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote: > > On Sun, 2008-04-06 at 23:07 +0530, Ashish Shukla =E0=A4=86=E0=A4=B6=E0= =A5=80=E0=A4=B7 =E0=A4=B6=E0=A5=81=E0=A4=95=E0=A5=8D=E0=A4=B2 wrote: > > > >>>>> Joe Marcus Clarke writes: > > > Joe> On Sun, 2008-04-06 at 15:59 +0530, Ashish Shukla =E0=A4=86= =E0=A4=B6=E0=A5=80=E0=A4=B7 =E0=A4=B6=E0=A5=81=E0=A4=95=E0=A5=8D=E0=A4=B2 w= rote: > > > >> Hi, > > > >>=20 > > > >> Whenever I try to unlock my screen, locked using gnome-screens= aver, it > > > >> doesn't accept my password, rejects with "Incorrect password".= I'm > > > >> running x11/gnome-screensaver-2.22.1 . Any ideas what is causi= ng this ? > > > >> And BtW, I've compiled gnome-screensaver-2.22.1 with PAM suppo= rt. > > > >>=20 > > > >> During password verification, there is some non-uniform delay > > > >> (sometime more, sometimes less) . > > > >>=20 > > > >> Is there anyone else experiencing this issue, hmm...? > > >=20 > > > Joe> This is typically the case when one builds gnome-screensaver= with PAM > > > Joe> support, but they are currently using a PAM module which req= uires the > > > Joe> executable be setuid root (e.g. pam_unix). The only workaro= und is to > > > Joe> rebuild gnome-screensaver without PAM support, or use a diff= erent PAM > > > Joe> module which does not require root privileges. > > >=20 > > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, bu= t > > > also thats of no use. Any ideas, why is that not working inspite of > > > /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...? > >=20 > > PAM and gnome-screensaver do not work together if you are using > > pam_unix. Rebuild gnome-screensaver without PAM support, and it will > > instead read /etc/master.passwd directly to authenticate the user. Tha= t > > will work. >=20 > So, is there a scenario where PAM and gnome-screensaver *do* > work? If not, then why is PAM an option? If you're using a PAM module which doesn't require root privileges (e.g. pam_ldap) then PAM support should work. >=20 > I admit that I don't fully understand PAM, but have noticed > that there's a whole bunch of PAM stuff in recent FreeBSD > configurations, even at the non-ports level, so I have it in > gnome-screensaver, too. I thought that was just how it was > supposed to be done. >=20 > Therefore, whenever I mistakenly allow the screen to be locked, > I have to log-in from another machine and kill the screen > saver... >=20 > My FreeBSD system is physically secure, so I don't have it > lock automatically when the screen saver comes on, so this > only happens when I mis-mouse in the GNOME System menu. So it > hasn't bothered me enough to really try debugging it, up to now. > (Although I did try to remove the "lock screen" menu item, but > the menu-editing facility did not facilitate that...) I filed a bug against gnome-screensaver a long time ago (see http://bugzilla.gnome.org/show_bug.cgi?id=3D370847). I don't see this bug ever being fixed in gnome-screensaver, though. If anyone wants to work on a setuid wrapper which can handle the PAM dialog, I would be happy to integrate it into our port. There already exists support in gnome-screensaver to handle such a wrapper, but since the non-PAM (default) configuration works for me, I haven't been bothered enough to implement this myself. Joe --=20 PGP Key : http://www.marcuscom.com/pgp.asc --=-mFEf3nKWShSLCnf7RWg6 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (FreeBSD) iEYEABECAAYFAkf5wv0ACgkQb2iPiv4Uz4cvVACeKmIjpR0XW3iTpQKrBbFJNmoi 9ZkAnRFlOwdIbVpnufNDxv2NXdBtw4vq =CfbO -----END PGP SIGNATURE----- --=-mFEf3nKWShSLCnf7RWg6--