Bug 108941 - Need mechanism to log out session (reboot) without password
Need mechanism to log out session (reboot) without password
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: xscreensaver (Show other bugs)
9
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-03 11:14 EST by Harvey Wamboldt
Modified: 2007-04-18 12:59 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-02 14:17:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Harvey Wamboldt 2003-11-03 11:14:18 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1)
Gecko/20030225

Description of problem:
My PC is dual boot RedHat 9 and Windows.  I need a mechanism that
allows the machine to be rebooted when the screen is locked without
the password.

Version-Release number of selected component (if applicable):
xscreensaver-4.07-2

How reproducible:
Always

Steps to Reproduce:
1.Preferences->Screensaver Click lock screen and set time
2.
3.
    

Actual Results:  No way to log out or reboot machine after screen is
locked without user password.

Expected Results:  Screensaver popup should be configurable to allow
logout of user and reboot of machine.

Additional info: This is an important feature for desktop environments
. It is the little things that affect usability that make casual users
love or hate Linux.
Comment 1 David Masterson 2005-01-05 18:14:10 EST
At the very least, the screensaver should accept either the locking
user's password or root password to unlock the screen.  This is
important so that system administrators can unlock terminals of users
who have "left the building".
Comment 2 David Masterson 2005-01-05 18:16:08 EST
or, better yet, perhaps there should be a configurable "unlock"
password that the system administrator could set (and, thus, protect
root's password).
Comment 3 Jamie Zawinski 2005-02-27 22:23:26 EST
xscreensaver has always accepted the password of either the logged in user or
root.  If the root pw isn't working, then perhaps there's some PAM
misconfiguration getting in the way.  xscreensaver -verbose should provide some
clues about that on stderr.
Comment 4 Harvey Wamboldt 2005-02-28 08:54:52 EST
Clarification:

This machine is shared, regular users do not have and will not
get the root password. The machine needs a mechanism to allow
non-root users to log out the current session or reboot without the
locking user's or the root password.  After having users hit
the power switch a few times, it's obvious what's needed.
If xscreensaver doesn't have this functionality, perhaps there
is another screensaver that does? Note, this problem extends
beyond this OS version.

Best Rgds,

-H-
Comment 5 Ray Strode [halfline] 2005-02-28 14:39:43 EST
Hi Harvey,
You can press control-alt-backspace to terminate a locked session.

Jamie,
PAM will only allow user sessions to authenticate themselves, not root.

David,
It would probably be a bad idea to allow users to type in the root
password to break out of a screensaver lock dialog.  What's to keep a
user from running a program that looks like the xscreensaver lock
dialog  but just records the root password when the sysadmin tries to
break the session?  It would be a rather sizable security issue.

There are some ways to solve this problem.  A couple of them:

1) Add a "login another user" button to the lock dialog that just
launches gdm on another vt (ie runs gdmflexiserver).

2) Put some infrastructure in place going all the way down to the X
level that allows a "trusted path" for the user to get to a root
dialog.  The key sequence ctrl-alt-backspace can't be trapped by
programs so that sequence could be made to start a lock dialog/kill
session dialog that users could safely enter their (or the root)
passwords into.
Comment 6 Bill Nottingham 2006-08-05 01:22:19 EDT
Red Hat apologizes that these issues have not been resolved yet. We do want to
make sure that no important bugs slip through the cracks.

Red Hat Linux 7.3 and Red Hat Linux 9 are no longer supported by Red Hat, Inc.
They are maintained by the Fedora Legacy project (http://www.fedoralegacy.org/)
for security updates only. If this is a security issue, please reassign to the
'Fedora Legacy' product in bugzilla. Please note that Legacy security update
support for these products will stop on December 31st, 2006.

If this is not a security issue, please check if this issue is still present
in a current Fedora Core release. If so, please change the product and version
to match, and check the box indicating that the requested information has been
provided.

If you are currently still running Red Hat Linux 7.3 or 9, please note that
Fedora Legacy security update support for these products will stop on December
31st, 2006. You are strongly advised to upgrade to a current Fedora Core release
or Red Hat Enterprise Linux or comparable. Some information on which option may
be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/.

Any bug still open against Red Hat Linux 7.3 or 9 at the end of 2006 will be
closed 'CANTFIX'. Again, if this bug still exists in a current release, or is a
security issue, please change the product as necessary. We thank you for your
help, and apologize again that we haven't handled these issues to this point.
Comment 8 Bill Nottingham 2007-01-02 14:17:12 EST
Red Hat Linux 7.3 and Red Hat Linux 9 are no longer supported by Red Hat, Inc.
f you are currently still running Red Hat Linux 7.3 or 9, you are strongly
advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux
or comparable. Some information on which option may be right for you is
available at http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.

Note You need to log in before you can comment on or make changes to this bug.