On 03 Apr 2007 09:47:07 +0200, Joakim Karlsson <[EMAIL PROTECTED]> wrote:
"Stephen John Smoogen" <[EMAIL PROTECTED]> writes:

> On 02 Apr 2007 13:09:07 +0200, Joakim Karlsson <[EMAIL PROTECTED]> wrote:
> > Joakim Karlsson <[EMAIL PROTECTED]> writes:
> >
> > Problem solved. The bug was behind the keyboard. Seems like pam has
> > become a little bit more strict regarding what, how and in what order
> > you put in your config-file.
>
> Could you post a working config? And are you seeing problems with
> pam_tally and screensaver. There was an issue a while back that you
> could lock yourself out with pam_tally on KDE/screensaver/etc that
> were running as a user and not root. I thought it couldnt be worked
> around without something like a helper app utempter was built.

patch /etc/pam.d/system-auth-ac <<EOF
4a5
> auth        required     pam_tally.so deny=2
9a11
> account     required     pam_tally.so reset
EOF


Yes, the screensaver is still a unsolved problem for us. Previously
with xscreensaver it was as you suggest more or less impossible due to
the way xscreensaver authenticated the user. We haven't had time to
see if gnome-screensaver works in a different way, or if there is some
other way to get it to work.


gnome-screensaver does work the same way. The work-around I ended up
with was finding all the pam modules that are called from non setuid
root programs and having them go to a system-auth-noroot file that
didnt call pam_tally




--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"

_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list

Reply via email to