The problem with the two password requests can be solved by adding
'use_first_pass' to the line with pam_unix.so, such that it looks like
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
However, this does not solve the problem when the LDAP connection is
encrypted and the certificate can only be read by root. Also in Hardy
gnome-screensaver does not seem to communicate with the NSCD, but tries
to call the LDAP server directly.
I still don't get why the workaround setting gnome-screensaver-dialog
SUID doesn't work anymore. In that case pam_ldap should run with root
rights. Has anyone more insight on the authentication mechanism? Maybe
gnome-screensaver-dialog calls another program to do the actual
verification in newer versions...
--
Unable to unlock screen when using ldap
https://bugs.launchpad.net/bugs/64301
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is the registrant for gnome-screensaver.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
