xscreensaver appears to be failing to authenticate my password to unlock the screen. Reproducible: Always Steps to Reproduce: 1. Sit down in front of workstation after xscreensaver has locked 2. Enter password 3. Read xscreesavers brief apology before going back to locked Actual Results: I have to kill X, losing all my unsaved work # from /etc/pam.d/xscreensaver auth include system-auth # versions x11-misc/xscreensaver-4.22-r4 sys-libs/pam-0.78-r2 # emerge --info Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.3.6, glibc-2.3.5-r2, 2.6. 12-gentoo-r10 i686) ================================================================= System uname: 2.6.12-gentoo-r10 i686 AMD Athlon(tm) 64 Processor 3200+ Gentoo Base System version 1.6.13 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] ccache version 2.3 [enabled] dev-lang/python: 2.3.5-r2, 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.20 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/ share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb / usr/lib/mozilla/defaults/pref /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/splash /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache distcc distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://gentoo.mirrors.tds.net/gentoo ftp://gentoo.netnitco.net/ pub/mirrors/gentoo/source/" MAKEOPTS="-j7" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.us.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowext X a52 alsa apm arts avi berkdb bitmap-fonts bonobo browserplugin cddb cdparanioa cdr crypt cups curl divx4linux dv dvd dvdr dvdread eds emboss encode esd fam fame ffmpeg firefox flac foomaticdb fortran gd gdbm gif gimpprint gnome gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile hal imagemagick imlib ithreads java jpeg jpg junit kde lame libg++ libwww live mad mikmod mjpeg mmx mmxext motif mozilla mp3 mpeg mysql mythtv ncurses nls nsplugin nvidia offensive ogg oggvorbis opengl oss pam pdflib perl php png postgres ppds python qt quicktime rdesktop readline real samba sdl sensord spell sse ssl svga tcpd tiff truetype truetype-fonts type1-fonts v4l v4l2 vcd vidix vorbis vorbix win32codecs xine xml xml2 xmms xv xvid zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
I have had that recently on an alpha. I switched from XFCE to Gnome for some tests, and had the same behaviour. I can't confirm right now that it still works under XFCE4, but I guess it does (as I never had any problems with that on multiple machines).
Could You try the 4.23?
Same for 4.23 (at least for me)
Could you try with USE="new-login" ?
(In reply to comment #4) > Could you try with USE="new-login" ? > I fixed this by changing the following line in /etc/pam.d/xscreensaver auth include system-auth to auth required pam_permit.so
Hi, i have the same problem, but if i change auth include system-auth to auth required pam_permit.so every password works... for xscreensaver and gnome-screensaver
in addition to my last comment i have tested some workarounds... 1. set the suid bit for /usr/X11R6/bin/xscreensaver chmod u+x /usr/X11R6/bin/xscreensaver it works but is not really secure in my opinion 2. make the /etc/shadow systemwide readable works too but this isn't really secure ;-) I hope someone has a better Idea... hugo pam.d # emerge --info xscreensaver Portage 2.1.1_pre3-r5 (default-linux/x86/2005.1, gcc-3.4.6/vanilla, glibc-2.4-r3, 2.6.17-suspend2-r2 i686) ================================================================= System Settings ================================================================= System uname: 2.6.17-suspend2-r2 i686 Intel(R) Pentium(R) M processor 1.86GHz Gentoo Base System version 1.12.1 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled] app-admin/eselect-compiler: 2.0.0_rc2-r1 dev-lang/python: 2.3.5, 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.18.1 sys-devel/autoconf: 2.13, 2.60 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.17 sys-devel/gcc-config: 2.0.0_rc1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -pipe -march=pentium-m -fomit-frame-pointer -mfpmath=sse" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/eselect/compiler /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/splash /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -march=pentium-m -fomit-frame-pointer -mfpmath=sse" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distcc distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://pandemonium.tiscali.de/pub/gentoo/ http://130.59.10.34/ftp/mirror/gentoo/ ftp://mirror.usu.edu/mirrors/gentoo/" LANG="de_DE.utf8" LC_ALL="de_DE.utf8" LINGUAS="de en" MAKEOPTS="-j5" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X aalib acpi alsa apache2 avi berkdb bitmap-fonts bonobo cdr clamav cli crypt cups curl dbus dga directfb divx4linux dlloader dri dvd eds encode esd evo fam ffmpeg firefox flac flash foomaticdb gb gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml guile hal howl imagemagick imlib ipv6 isdnlog java jpeg libg++ libwww ly mad maildir mikmod mmx motif mp3 mpeg ncurses nls nptl nptlon nsplugin ogg oggvorbis opengl openssh openssl oss pam pcre pdf pdflib perl php png ppds pppd python qt3 qt4 quicktime readline reflection samba sdl session slang speex spell spl sqlite sse ssl tcltk tcpd tetex tiff transcode truetype truetype-fonts type1-fonts unicode vcd vorbis win32codecs wmf xface xine xml xml2 xorg xv xvid zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux linguas_de linguas_en userland_GNU video_cards_i915 video_cards_i810 video_cards_vesa video_cards_fbdev" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= x11-misc/xscreensaver-5.00 was built with the following: CFLAGS="-O2 -U__VEC__ -fomit-frame-pointer -march=pentium-m -mfpmath=sse -pipe" CXXFLAGS="-O2 -U__VEC__ -fomit-frame-pointer -march=pentium-m -mfpmath=sse -pipe"
(In reply to comment #6) > Hi, i have the same problem, but if i change > > auth include system-auth > to > auth required pam_permit.so > > every password works... > > for xscreensaver and gnome-screensaver > Works to for kscreensaver Great thanks
*** Bug 143746 has been marked as a duplicate of this bug. ***
My xscreensaver won't unlock either, and neither will xlockmore. Both have the same pam config "auth include system-auth". Is there something in system-auth preventing the authentication for working for non-root processes? My system-auth has: auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth required pam_deny.so account required pam_unix.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so Is there anyone who has a working config for pam, so that they actually can unlock xscreensaver *without* running it setuid root?
Here, it works fine with xlockmore-5.17-r1, but not with xlockmore-5.19. No changes necessary to any file in /etc/pam.d/
Clarifying the bug for nelcheal who removed the last stable & non-affected version 5.17-r1 of x11-misc/xlockmore.
It seems x11-misc/xlockmore-5.21-r1 does not suffer from this bug, if that is what it is, instead of a Gentoo specific problem with the default configuration.
xlock still does not work, even with changing /etc/pam.d/xlock and /etc/pam.d/xscreensaver. Any ideas?
(In reply to comment #14) > xlock still does not work, even with changing /etc/pam.d/xlock and > /etc/pam.d/xscreensaver. Any ideas? > I changed /etc/pam.d/xlock to : auth include system-auth session include system-auth account include system-auth and it works. The original file omits "session" and "account" information.
Neither of the hints worked for me. /etc/pam.d/vlock looks similar to the xlock file, but vlock is working perfectly. x11-misc/xlockmore-5.19, sys-libs/pam-0.78-r3
(In reply to comment #16) Update: I just updated to 5.21-r1. Works for me now :)
(In reply to comment #17) > I just updated to 5.21-r1. Works for me now :) For me too (without modifying /etc/pam.d/xlock).
> > I just updated to 5.21-r1. Works for me now :) > For me too (without modifying /etc/pam.d/xlock). Closing
