Bug 25392 - PAM support for screen locking
PAM support for screen locking
Status: CLOSED RAWHIDE
Product: Red Hat Raw Hide
Classification: Retired
Component: screen (Show other bugs)
1.0
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
David Lawrence
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-31 13:06 EST by Chris Rode
Modified: 2007-03-26 23:40 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-31 13:07:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
PAM support against screen-3.9.8-2 (3.32 KB, patch)
2001-01-31 13:07 EST, Chris Rode
no flags Details | Diff

  None (edit)
Description Chris Rode 2001-01-31 13:06:51 EST
You can take this or leave it, I don't care. :)

The attached patch hacks in PAM support for the built-in lock function.
Comment 1 Chris Rode 2001-01-31 13:07:38 EST
Created attachment 8579 [details]
PAM support against screen-3.9.8-2
Comment 2 Crutcher Dunnavant 2001-06-26 16:35:14 EDT
its crazy, but why not?
Comment 3 Crutcher Dunnavant 2001-06-26 17:36:58 EDT
hmm, inifinte loop. disabling the patch untill I can fix
Comment 4 Chris Rode 2001-07-06 02:13:58 EDT
*finally has a chance to grab the SRPM and build*  Huh.  Weird.  Doesn't do 
that against 3.9.8.  I'll try and find some time to poke at it a bit myself. :)
Comment 5 Chris Rode 2001-07-06 13:43:21 EDT
OK... It's looping because there is no /etc/pam.d/screen PAM configuration 
file, so PAM doesn't know how to prompt for the password.  What's interesting, 
however, is that pam_start() doesn't appear to be returning an error in this 
case.  I don't have a lot of time to play right now, but this weekend, I'd be 
interested to take a look at how other PAM-aware applications behave when their 
service config files aren't present.  At any rate, a simple /etc/pam.d/screen 
fixes it:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth
Comment 6 Chris Rode 2001-07-07 13:59:26 EDT
Well, after looking at a couple of other PAM-aware applications (namely, vlock 
and login), it would appear that freaking out and endless looping (in the case 
of vlock, which just spins waiting for the correct password), or looping a 
specified number of times (in the case of login, which fails after a certain 
number of incorrect passwords entered) is normal behavior for a PAM app that 
doesn't have a service config file.  I'd tend to consider this a misfeature of 
PAM, but don't really know the PAM API well enough to say that with 
authority. :)

Note You need to log in before you can comment on or make changes to this bug.