-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any reason why the kscreensaver3 pam file is the way it is?
We install our own /etc/pam.d/system-auth file (and, the winbind setup during install does something similar, copying /etc/pam.d/system-auth-winbind over /etc/pam.d/system-auth), which works ~ with almost everything, except (as I discovered this morming) the KDE screen saver. [bgmilne@bgmilne bgmilne]$ cat /etc/pam.d/kde3 #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/security/pam_console.so [bgmilne@bgmilne bgmilne]$ cat /etc/pam.d/kscreensaver3 #%PAM-1.0 auth sufficient /lib/security/pam_linux_afs.so ignore_root #auth sufficient /lib/security/pam_linux_afs.so no_unlog ignore_root auth required /lib/security/pam_pwdb.so shadow nullok Is there any reason why a non-existent (on Mandrake) pam module is used?: [bgmilne@bgmilne bgmilne]$ urpmf /lib/security/pam_linux_afs.so [bgmilne@bgmilne bgmilne]$ Could the following not just be used? auth required /lib/security/pam_stack.so service=system-auth That's what xscreensaver does: [bgmilne@bgmilne bgmilne]$ cat /etc/pam.d/xscreensaver #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth [bgmilne@bgmilne bgmilne]$ (In the end, this means that the biggest issue with winbind on desktops in a windows domain is the fact that users won't be able to get back into their machines if they lock their desktop :-( And the same a applies to LDAP, which is my case). Buchan - -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9tUe4rJK6UGDSBKcRAm7kAJoCwo/wU5Ort8yekjOVDKl69oRx4gCdF2wU RvjGBd0LTz6bXDXmxNdBb64= =cABG -----END PGP SIGNATURE-----