Nicholas: > I should note that making use of Solaris privileges to help build a > trusted path between the screen lock process and the X11 server would > mean that the screen lock process must run on the same system as the X11 > server because getpeerucred(3C) doesn't work remotely [yet].
But the Xserver also runs as the user. The login program does some handshaking with the Xserver to make it drop to user perms after the user authenticates. Brian
