Bug 25392

Summary: PAM support for screen locking
Product: [Retired] Red Hat Raw Hide Reporter: Chris Rode <electro>
Component: screenAssignee: Crutcher Dunnavant <crutcher>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: low    
Version: 1.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-01-31 18:07:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
PAM support against screen-3.9.8-2 none

Description Chris Rode 2001-01-31 18:06:51 UTC 
You can take this or leave it, I don't care. :)

The attached patch hacks in PAM support for the built-in lock function.
Comment 1 Chris Rode 2001-01-31 18:07:38 UTC 
Created attachment 8579 [details]
PAM support against screen-3.9.8-2
Comment 2 Crutcher Dunnavant 2001-06-26 20:35:14 UTC 
its crazy, but why not?
Comment 3 Crutcher Dunnavant 2001-06-26 21:36:58 UTC 
hmm, inifinte loop. disabling the patch untill I can fix
Comment 4 Chris Rode 2001-07-06 06:13:58 UTC 
*finally has a chance to grab the SRPM and build*  Huh.  Weird.  Doesn't do 
that against 3.9.8.  I'll try and find some time to poke at it a bit myself. :)
Comment 5 Chris Rode 2001-07-06 17:43:21 UTC 
OK... It's looping because there is no /etc/pam.d/screen PAM configuration 
file, so PAM doesn't know how to prompt for the password.  What's interesting, 
however, is that pam_start() doesn't appear to be returning an error in this 
case.  I don't have a lot of time to play right now, but this weekend, I'd be 
interested to take a look at how other PAM-aware applications behave when their 
service config files aren't present.  At any rate, a simple /etc/pam.d/screen 
fixes it:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
Comment 6 Chris Rode 2001-07-07 17:59:26 UTC 
Well, after looking at a couple of other PAM-aware applications (namely, vlock 
and login), it would appear that freaking out and endless looping (in the case 
of vlock, which just spins waiting for the correct password), or looping a 
specified number of times (in the case of login, which fails after a certain 
number of incorrect passwords entered) is normal behavior for a PAM app that 
doesn't have a service config file.  I'd tend to consider this a misfeature of 
PAM, but don't really know the PAM API well enough to say that with 
authority. :)