On Mon, Apr 07, 2008 at 04:36:51PM +1000, Andrew Reilly wrote: > On Sun, Apr 06, 2008 at 01:51:13PM -0400, Joe Marcus Clarke wrote: > > > Joe> This is typically the case when one builds gnome-screensaver > > > with PAM > > > Joe> support, but they are currently using a PAM module which > > > requires the > > > Joe> executable be setuid root (e.g. pam_unix). The only workaround > > > is to > > > Joe> rebuild gnome-screensaver without PAM support, or use a > > > different PAM > > > Joe> module which does not require root privileges. > > > > > > I've tried copying /etc/pam.d/gdm to /etc/pam.d/gnome-screensaver, but > > > also thats of no use. Any ideas, why is that not working inspite of > > > /usr/local/libexec/gnome-screensaver-dialog being setuid, hmm...? > > > > PAM and gnome-screensaver do not work together if you are using > > pam_unix. Rebuild gnome-screensaver without PAM support, and it will > > instead read /etc/master.passwd directly to authenticate the user. That > > will work.
Just to add a bit more noise to this discussion: I've just re-configured gnome-screensaver to not use PAM, and re-installed. When doing so, I discovered that this installs gnome-screensaver-dialog, which is setuid root. Clearly, that's necessary in order to look at master.passwd directly. Isn't the same setuid-root done when PAM is involved? Cheers, -- Andrew _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "[EMAIL PROTECTED]"