[screen-devel] [bug #68168] Cannot unlock users session with sssd backed authentication

Mon, 23 Mar 2026 03:30:02 -0700 

URL:
  <https://savannah.gnu.org/bugs/?68168>

                 Summary: Cannot unlock users session with sssd backed
authentication
                   Group: GNU Screen
               Submitter: None
               Submitted: Mon 23 Mar 2026 10:29:34 AM UTC
                Category: Program Logic
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Unlocked
                 Release: 5.0.1
           Fixed Release: None
         Planned Release: None
           Work Required: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Mon 23 Mar 2026 10:29:34 AM UTC By: Anonymous
Here's what I'm doing:
- start new session: 
# screen -dR one

<snip>

[myhost]:~
nowaa$

- so far so good, I can now also lock the session with CTRL+a - x:

screen used by Nowa Ammerlaan <nowaa> on myhost.
Password:

- still good, I can unlock with my users password.


<snip>

[myhost]:~
nowaa$

- next I lock my session a second time (detaching has the same effect)

screen used by User for sssd <sssd> on myhost.
Password:

- now this is wrong, screen is asking for the password for the sssd user
(which is a nologin user). Now I can no longer login or re-attach to my
session. Something is going wrong in the detection of the user owning the
session.

This users password is backed by sssd.service, but the fact that I can unlock
successfully once indicates to me that this can work. It is only the
consecutive unlocks (or reattach) that fails.

I could not find anything in the manual indicating whether I can override the
authenticating user, but regardless the detection should be fixed. It is not
clear to me how exactly screen determines which user to ask the password for.
Listing the screen sessions shows that the session is indeed owned by my
user:

[myhost]:~
nowaa$ screen -ls
There is a screen on:
        969079.one      (Detached)
1 Socket in /run/screen/S-nowaa.

This is a Red Hat 10 system running screen version 5.0.1 (build on 2025-06-30
00:06:00)







    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?68168>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

Attachment: signature.asc
Description: PGP signature

Reply via email to