Hi This is an error I was getting on xscreensaver that i noticed was being caused by pam.
I tied the debian-user list, but thought it more appropriate in deb-sec
basically I have this in my common-auth
auth [success=1 default=ignore] pam_unix2.so
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
and I get this error when I attempt to unlock my xscreensaver
from a verbose xscreensaver
pam_conversation (...) ==> PAM_SUCCESS
xscreensaver: 06:43:16: pam_conversation (TEXT_INFO="Permissions on
the password database may be too restrictive.") .
from pam_unix2 debug
Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth):
pam_sm_authenticate() called
Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth):
username=[alex]
Apr 23 06:54:59 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): wrong
password, return PAM_AUTH_ERR
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
pam_sm_setcred() called
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
username=[alex]
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
pam_sm_setcred: PAM_SUCCESS
I have had this setup for a while, so I am not sure what has changed
recently.
thanks
Alex
On Wed, Apr 23, 2008 at 06:36:02AM +1000, Alex Samad wrote:
> Hi
>
> I use xscreensaver 5.05-1, and I am using ldap users (nss-ldapd &
> pam-ldap). Just recently I have noticed that when I unlock xscreensaver
> I get
>
> permissions on the password database maybe too restrictive
>
> not sure where to look for this, xscreensaver seems to be the only app
> having problems
>
>
> I can
> getent passwd alex
> getent passwd
> getent groups
> id
> id alex
>
> but I have just realised I can't
> getent shadow
> getent shadow alex
>
> i see nothing,
>
> but I can
> sudo getent shadow
>
> I presume that is normal
>
>
I turned on xscreensaver verbose flag and found this
pam_conversation (...) ==> PAM_SUCCESS
xscreensaver: 06:43:16: pam_conversation (TEXT_INFO="Permissions on
the password database may be too restrictive.") .
this is in my common-auth
auth [success=1 default=ignore] pam_unix2.so
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
I have added some debugging
with
auth [success=1 default=ignore] pam_unix2.so debug
and I have this in my logs now
Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth):
pam_sm_authenticate() called
Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth):
username=[alex]
Apr 23 06:54:59 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): wrong
password, return PAM_AUTH_ERR
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
pam_sm_setcred() called
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
username=[alex]
Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred):
pam_sm_setcred: PAM_SUCCESS
Not sure who to report a bug against
Alex
----- End forwarded message -----
--
"All up and down the different aspects of our society, we had meaningful
discussions. Not only in the Cabinet Room, but prior to this and after this
day, our secretaries, respective secretaries, will continue to interact to
create the conditions necessary for prosperity to reign."
- George W. Bush
05/19/2003
Washington, DC
signature.asc
Description: Digital signature
