On Wed, Apr 23, 2008 at 06:36:02AM +1000, Alex Samad wrote: > Hi > > I use xscreensaver 5.05-1, and I am using ldap users (nss-ldapd & > pam-ldap). Just recently I have noticed that when I unlock xscreensaver > I get > > permissions on the password database maybe too restrictive > > not sure where to look for this, xscreensaver seems to be the only app > having problems > > > I can > getent passwd alex > getent passwd > getent groups > id > id alex > > but I have just realised I can't > getent shadow > getent shadow alex > > i see nothing, > > but I can > sudo getent shadow > > I presume that is normal > >
I turned on xscreensaver verbose flag and found this pam_conversation (...) ==> PAM_SUCCESS xscreensaver: 06:43:16: pam_conversation (TEXT_INFO="Permissions on the password database may be too restrictive.") . this is in my common-auth auth [success=1 default=ignore] pam_unix2.so auth required pam_ldap.so use_first_pass auth required pam_permit.so I have added some debugging with auth [success=1 default=ignore] pam_unix2.so debug and I have this in my logs now Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): pam_sm_authenticate() called Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): username=[alex] Apr 23 06:54:59 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): wrong password, return PAM_AUTH_ERR Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred() called Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): username=[alex] Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred: PAM_SUCCESS Not sure who to report a bug against Alex
signature.asc
Description: Digital signature
