Description of problem: sepermit should only check exclusive if it is running as root, otherwise it sees itself and fails.
I was thinking about this and I simply think that pam_sepermit should not be added to the gnome-screensaver pam configuration at all (and use for example 'auth sufficient pam_succeed_if.so user = xguest') or there should be an option to ignore the exclusive flags in the configuration file which would be used with pam_sepermit and screensaver.
Created attachment 302484 [details] I was thinking just check for uid==0
This patch works for me. The problem with hard coding xguest is it forces users to edit the pam stack.
Created attachment 302491 [details] Base decision on euid The decision should be based on effective uid rather than on real. Also I moved the test a little bit later - there might be some more flags added in future. The question is whether adding an explicit option to the module to ignore the exclusive flag could be useful or not. But as I see it currently this patch should be sufficient.
Ok, I was debating whether to put it there. I can never remember the correct get*uid call to call. Can you get this out for Fedora 9?
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping