On Fri, Mar 07, 2008 at 02:03:51PM -0500, Kyle McDonald wrote: > Brian Cameron wrote: > >Since the lock screen program requires a backend daemon running as > >root which actually talks to PAM, and since this root daemon should > >have access to the Xauth keys for each display, it shouldn't be hard > >to make lockscreen work like this: > > > > > Will the daemon running as root have access to all the xauth keys? > > I'm working from memory, but back when I managed a system using NIS+ and > therefor SecureRPC's for NFS, and the user's homedirs were mounted with > the -secure option, root couldn't read any of thier files unless they > were world readable. > > Won't that be a problem for this daemon too?
This can be avoided by putting a copy of the xauth in tmpfs.
