Weird PAM behavior (Was: KDE and desktop locking)
Michal Kochanowicz
michal at michal.waw.pl
Sat Nov 13 14:08:43 CET 2004
On Fri, Nov 12, 2004 at 09:15:36AM +0100, Marcin Król wrote:
> on AC, after entering bad password there is a dialog too, but saying:
> "Caonnot unlock session because authentication system failed to work.
> You must kill kdesktop_lock (pid 12345) manually". This information is
> misleading, as the authentication system _did not_ failed to work. It
> _worked ok_ and checked that password was invalid. Note about manually
Well, not. It failed. pam_authenticate() returns code "1", and
pam_strerror() translates it to "dlopen() failure". Making kcheckpass
SUID root solves the problem, but this isn't The Right Way (tm), I
think, because PAM uses SUID root helper, /sbin/unix_chkpwd and other
SUIDs shouldn't be necessary.
I think we need someone with better PAM understanding to explain why it
doesn't work without SUID.
PS.
#v+
[misiek at wieszak misiek]$ cat /etc/pam.d/kdesktop
#%PAM-1.0
auth required pam_unix.so shadow nullok
[misiek at wieszak misiek]$
#v-
--
--= Michal Kochanowicz =--==--==BOFH==--==--= michal at michal.waw.pl =--
--= finger me for PGP public key or visit http://michal.waw.pl/PGP =--
--==--==--==--==--==-- Vodka. Connecting people.--==--==--==--==--==--
A chodzenie po górach SSIE!!!
More information about the pld-devel-en
mailing list