Re: Bigger annoyance with locking.

[Trent W. Buck]

On Thu, Nov 13, 2008 at 09:04:25PM -0500, Dan Mahoney, System Admin wrote:
>> It asks for *both* the login password and the screen session
>> password.
>
> Yes, and the point is: I don't have a login password, so upon
> "locking" I am given the opportunity to create one, which has no
> persistent form of storage?

That sounds like Screen is not compatible with whatever Kerberos stuff
you're using.

> Are you trying this with a "*"'d account, which is usable in
> situations such as:

I have tested this on systems using null passwords, local md5
passwords, and NIS passwords.  I have not tested this on a system
using Kerberos for user accounts.

> #ifndef USE_PAM
> [...]  I should note that that block is only in use if you're *not*
> using pam, which I guess is how the BSD port builds things.

All my systems use PAM.

> If you're not seeing the above behavior, you probably have screen
> compiled with PAM support -- which from your pov likely means your
> "unlock" password's being passed through that stack.

Agreed.


> If the pam support had been tested at all on this distro -- even from 
> what Micah said previously: "I would support extending screen's builtin 
> lock to support PAM" -- led me to believe screen was pam-unaware until I 
> just now looked at the code.

Probably Micah hasn't had to look at that part of the code yet.