Red Hat Bugzilla – Bug 442565
pam_sepermit exclusive does not work with gnome-screensaver
Last modified: 2008-05-21 03:54:45 EDT
Description of problem:
sepermit should only check exclusive if it is running as root, otherwise it
sees itself and fails.
I was thinking about this and I simply think that pam_sepermit should not be
added to the gnome-screensaver pam configuration at all (and use for example
'auth sufficient pam_succeed_if.so user = xguest') or there should be an option
to ignore the exclusive flags in the configuration file which would be used with
pam_sepermit and screensaver.
Created attachment 302484 [details]
I was thinking just check for uid==0
This patch works for me.
The problem with hard coding xguest is it forces users to edit the pam stack.
Created attachment 302491 [details]
Base decision on euid
The decision should be based on effective uid rather than on real. Also I moved
the test a little bit later - there might be some more flags added in future.
The question is whether adding an explicit option to the module to ignore the
exclusive flag could be useful or not. But as I see it currently this patch
should be sufficient.
Ok, I was debating whether to put it there. I can never remember the correct
get*uid call to call.
Can you get this out for Fedora 9?
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here: