Re: Bigger annoyance with locking.

[Trent W. Buck]

On Thu, Nov 13, 2008 at 10:08:50PM -0500, Dan Mahoney, System Admin wrote:
> But you've stated that with pam in the mix and a "null" password,
> you basically get it accepting any password.  So you too, are an
> audience for the "keep this password in .screenrc and be done with
> it" :)

Nope.  The session pasword is already in .screenrc, and it should stay
there.  But the login password should NOT need to be specified to
Screen in any way but PAM.  That's what PAM's there for, and I'm happy
with it.

I imagine that I am prompted for a null login password because Screen
is not using PAM quite correctly.

> NIS basically supplants your system's getpw* functions, so it should  
> return an identical result as your standard ones.

To clarify: I meant NIS *via PAM*.

> Oh, there's #IFDEF and #IFNDEF all over the code.  And I suspect part of  
> the "resistance" here is because PAM is supposed to be such a universal  
> answer, that we don't want to resort to local crypted passwords anymore.

Do you dispute this?  Can you provide a concise explanation of why PAM
is not sufficient?