Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 12 Jan 2004 02:26:06 -0800 (PST)
From:      Sean McNeil <sean@mcneil.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/61237: xscreensaver-gnome usage of --without-pam inconsistent with gdm
Message-ID:  <200401121026.i0CAQ6bX003546@www.freebsd.org>
Resent-Message-ID: <200401121030.i0CAUHdD081460@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         61237
>Category:       ports
>Synopsis:       xscreensaver-gnome usage of --without-pam inconsistent with gdm
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 12 02:30:16 PST 2004
>Closed-Date:
>Last-Modified:
>Originator:     Sean McNeil
>Release:        freebsd-current
>Organization:
Sean McNeil Consulting, Inc
>Environment:
FreeBSD server.mcneil.com 5.2-CURRENT FreeBSD 5.2-CURRENT #18: Mon Jan 12 00:15:07 PST 2004     root@server.mcneil.com:/usr/obj/usr/src/sys/AMD  i386

>Description:
      gdm and xscreensaver-gnome should be consistent in behavior.  Currently, if an authentication mechanism other than passwd file is used via. PAM (such as NIS or LDAP), gdm will allow login properly.  If xscreensaver-gnome is setup to lock the screen, that user will have no means of unlocking the screen as PAM is not enabled with xscreensaver-gnome.  Further, there is no mechanism to compile xscreensaver-gnome with PAM support other than editing the Makefile to remove the --without-pam option.
>How-To-Repeat:
setup a system with NIS or LDAP support.  Log into gdm with a user not in the /etc/passwd file but in NIS or LDAP.  Setup xscreensaver to lock the screen.  Lock the screen.  Attempt to unlock the screen with users password (not root password).

>Fix:
Either

1) remove the --without-pam option from xscreensaver-gnome/Makefile and be consistent with gdm
2) use WITHOUT_PAM to selectively set the --without-pam option
3) use WITH_PAM to selectively remove the --without-pam option

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401121026.i0CAQ6bX003546>