Bug 149731 - xscreensaver bypasses PAM for Kerberos users
xscreensaver bypasses PAM for Kerberos users
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xscreensaver (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ray Strode [halfline]
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-25 15:32 EST by Nalin Dahyabhai
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 4.18-19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-25 15:34:14 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2005-02-25 15:32:38 EST
Description of problem:
If a user can be authenticated using Kerberos, then xscreensaver does
not use PAM to authenticate a user who can supply a correct Kerberos
password.

Version-Release number of selected component (if applicable):
4.18-18

How reproducible:
Always.

Steps to Reproduce:
1. Configure PAM to *not* use Kerberos, using authconfig.
2. Log in as a user with a corresponding Kerberos principal in the
local Kerberos realm.
3. Lock the screen.
4. When attempting to unlock the screen, supply the user's Kerberos
password.
  
Actual results:
The screen unlocks.

Expected results:
The screen should stay locked because PAM did not okay the user.

Additional info:
This is caused because xscreensaver's configure script detects
Kerberos at compile-time, and if support for Kerberos is compiled into
xscreensaver, then xscreensaver will attempt to verify a password
using Kerberos before it will attempt to verify it using PAM.  Passing
"--without-kerberos" to configure should fix it.

Note You need to log in before you can comment on or make changes to this bug.