Hi Rick & Roman, Rick Huijzer <[email protected]> skribis:
> It seems that xscreensaver-auth needs to be setuid instead of the main > xscreensaver binary. The screen-locker-service in xorg.scm sets the > provided package setuid and sets the required pam configuration for the > provided package. The problem is that the pam configuration needs to be set > for xscreensaver (/etc/pam.d/xscreensaver) and setuid needs to be set for > xscreensaver-auth. > > Interestingly when I setuid xscreensaver-auth manually I run into the > following when unlocking: > Aug 10 13:35:02 localhost unix_chkpwd[2197]: check pass; user unknown > Aug 10 13:35:02 localhost unix_chkpwd[2197]: password check failed for user > (rhuijzer) > Aug 10 13:35:02 localhost xscreensaver-auth: pam_unix(xscreensaver:auth): > authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost= > user=rhuijzer > > But this might be fixed in time by [RFC PATCH] gnu: linux-pam: Change path > to unix_chkpwd helper <https://issues.guix.gnu.org/53468>. > > I don't know how to fix this elegantly, maybe create a dedicated service > for xscreensaver instead of the standard screen-locker-service? Yes, either that or a special case in ‘screen-locker-service’. Could you give it a try? Unfortunately I’m going to be away from keyboard for a bit; please do ping here and/or on IRC if you don’t get a timely reply. Thanks, Ludo’.
