Bug 25392
Summary: | PAM support for screen locking | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Red Hat Raw Hide | Reporter: | Chris Rode <electro> | ||||
Component: | screen | Assignee: | Crutcher Dunnavant <crutcher> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | David Lawrence <dkl> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 1.0 | Keywords: | FutureFeature | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Enhancement | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2001-01-31 18:07:41 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Chris Rode
2001-01-31 18:06:51 UTC
Created attachment 8579 [details]
PAM support against screen-3.9.8-2
its crazy, but why not? hmm, inifinte loop. disabling the patch untill I can fix *finally has a chance to grab the SRPM and build* Huh. Weird. Doesn't do that against 3.9.8. I'll try and find some time to poke at it a bit myself. :) OK... It's looping because there is no /etc/pam.d/screen PAM configuration file, so PAM doesn't know how to prompt for the password. What's interesting, however, is that pam_start() doesn't appear to be returning an error in this case. I don't have a lot of time to play right now, but this weekend, I'd be interested to take a look at how other PAM-aware applications behave when their service config files aren't present. At any rate, a simple /etc/pam.d/screen fixes it: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth Well, after looking at a couple of other PAM-aware applications (namely, vlock and login), it would appear that freaking out and endless looping (in the case of vlock, which just spins waiting for the correct password), or looping a specified number of times (in the case of login, which fails after a certain number of incorrect passwords entered) is normal behavior for a PAM app that doesn't have a service config file. I'd tend to consider this a misfeature of PAM, but don't really know the PAM API well enough to say that with authority. :) |