Re: Bigger annoyance with locking.

[Trent W. Buck]

On Thu, Nov 13, 2008 at 08:21:38PM -0500, Dan Mahoney, System Admin wrote:
>>> Sadly, even though I am root on the systems involved -- the tweak we
>>> really need here is extending screen's builtin lock to support the
>>> password stored in .screenrc
>>
>> Clearly I don't know what you're talking about, because what I *thought*
>> you were talking about works as you ask for.
>>
>> Namely, I run :password interactively to generate a hashed password in
>> the default register.  I use C-a ] to paste it into .screenrc, as in
>>
>>    password ASDFASDFASDF
>
> Yes, and it's used as a password on screen-reattach.  Not when
> screen is locked.

My experimental evidence directly contradicts your assertion.

> I would like screen's built-in-lock to use that same password.
>
>> Later, in either the current or a new screen session, I run
>> :lockscreen.  It blanks the screen, changing it to
>>
>>    Screen used by Trent W. Buck <twb>
>>    Password:
>>    Screen password:
>>
>> The first prompt is for my login password.  THE SECOND PROMPT IS FOR MY
>> SCREEN PASSWORD.
>
> Exactly, it's asking for your login password.

It asks for *both* the login password and the screen session password.

>>    echo password ASDFASDFASDF >~/.screenrc.secret
>>    echo source ~/.screerc.secret >>~/.screenrc
>
> And which PAM module would that use?  Which facility, for that matter?

It doesn't use PAM, because it's not a system-wide password.  It's a
separate per-session password specific to Screen.

Screen prompts for the login password before the session password, and
the former COULD be gotten via PAM.