Bug 25392 - PAM support for screen locking
Summary: PAM support for screen locking
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: screen   
(Show other bugs)
Version: 1.0
Hardware: i386 Linux
low
medium
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-31 18:06 UTC by Chris Rode
Modified: 2007-03-27 03:40 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-31 18:07:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
PAM support against screen-3.9.8-2 (3.32 KB, patch)
2001-01-31 18:07 UTC, Chris Rode
no flags Details | Diff

Description Chris Rode 2001-01-31 18:06:51 UTC
You can take this or leave it, I don't care. :)

The attached patch hacks in PAM support for the built-in lock function.

Comment 1 Chris Rode 2001-01-31 18:07:38 UTC
Created attachment 8579 [details]
PAM support against screen-3.9.8-2

Comment 2 Crutcher Dunnavant 2001-06-26 20:35:14 UTC
its crazy, but why not?

Comment 3 Crutcher Dunnavant 2001-06-26 21:36:58 UTC
hmm, inifinte loop. disabling the patch untill I can fix

Comment 4 Chris Rode 2001-07-06 06:13:58 UTC
*finally has a chance to grab the SRPM and build*  Huh.  Weird.  Doesn't do 
that against 3.9.8.  I'll try and find some time to poke at it a bit myself. :)

Comment 5 Chris Rode 2001-07-06 17:43:21 UTC
OK... It's looping because there is no /etc/pam.d/screen PAM configuration 
file, so PAM doesn't know how to prompt for the password.  What's interesting, 
however, is that pam_start() doesn't appear to be returning an error in this 
case.  I don't have a lot of time to play right now, but this weekend, I'd be 
interested to take a look at how other PAM-aware applications behave when their 
service config files aren't present.  At any rate, a simple /etc/pam.d/screen 
fixes it:

#%PAM-1.0
auth       required     /lib/security/pam_stack.so service=system-auth


Comment 6 Chris Rode 2001-07-07 17:59:26 UTC
Well, after looking at a couple of other PAM-aware applications (namely, vlock 
and login), it would appear that freaking out and endless looping (in the case 
of vlock, which just spins waiting for the correct password), or looping a 
specified number of times (in the case of login, which fails after a certain 
number of incorrect passwords entered) is normal behavior for a PAM app that 
doesn't have a service config file.  I'd tend to consider this a misfeature of 
PAM, but don't really know the PAM API well enough to say that with 
authority. :)



Note You need to log in before you can comment on or make changes to this bug.