Description of problem: If a user can be authenticated using Kerberos, then xscreensaver does not use PAM to authenticate a user who can supply a correct Kerberos password. Version-Release number of selected component (if applicable): 4.18-18 How reproducible: Always. Steps to Reproduce: 1. Configure PAM to *not* use Kerberos, using authconfig. 2. Log in as a user with a corresponding Kerberos principal in the local Kerberos realm. 3. Lock the screen. 4. When attempting to unlock the screen, supply the user's Kerberos password. Actual results: The screen unlocks. Expected results: The screen should stay locked because PAM did not okay the user. Additional info: This is caused because xscreensaver's configure script detects Kerberos at compile-time, and if support for Kerberos is compiled into xscreensaver, then xscreensaver will attempt to verify a password using Kerberos before it will attempt to verify it using PAM. Passing "--without-kerberos" to configure should fix it.