Bug 21744 - nis and screen locking problems
nis and screen locking problems
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: xscreensaver (Show other bugs)
7.0
i386 Linux
low Severity low
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-12-05 10:21 EST by David G. Richardson
Modified: 2014-03-16 22:17 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-12-05 10:21:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David G. Richardson 2000-12-05 10:21:37 EST
When an nis password is changed for a user that is currently logged into X 
and using xscreensaver with a password required, they can use their new 
password and old password to unlock the screen until they log out and back 
in again (at which point they can only use the new password to unlock the 
screen).

I tired logging in from a console and through telnet with the old password 
once I noticed this, and was unable to.  So it looks like the problem is 
with xscreensaver caching the password someplace.  Could this possiblely 
allow a local process to retreive a user's password from any locked 
displays?  This kind of seems like the motivation for not allowing the 
root password to unlock the display anymore (you could do it in redhat 
6.2, but not in 7.0)
Comment 1 Bill Nottingham 2000-12-05 10:54:36 EST
It caches the crypted string in NIS, IIRC. This would only be accessible
by processes run by the same users that run xscreensaver, who can get
that string anyways.

Note You need to log in before you can comment on or make changes to this bug.