You can take this or leave it, I don't care. :) The attached patch hacks in PAM support for the built-in lock function.
Created attachment 8579 [details] PAM support against screen-3.9.8-2
its crazy, but why not?
hmm, inifinte loop. disabling the patch untill I can fix
*finally has a chance to grab the SRPM and build* Huh. Weird. Doesn't do that against 3.9.8. I'll try and find some time to poke at it a bit myself. :)
OK... It's looping because there is no /etc/pam.d/screen PAM configuration file, so PAM doesn't know how to prompt for the password. What's interesting, however, is that pam_start() doesn't appear to be returning an error in this case. I don't have a lot of time to play right now, but this weekend, I'd be interested to take a look at how other PAM-aware applications behave when their service config files aren't present. At any rate, a simple /etc/pam.d/screen fixes it: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth
Well, after looking at a couple of other PAM-aware applications (namely, vlock and login), it would appear that freaking out and endless looping (in the case of vlock, which just spins waiting for the correct password), or looping a specified number of times (in the case of login, which fails after a certain number of incorrect passwords entered) is normal behavior for a PAM app that doesn't have a service config file. I'd tend to consider this a misfeature of PAM, but don't really know the PAM API well enough to say that with authority. :)