xscreensaver refuses my local password when it prompts for password in it's dialog. same time it accepts ldap password. i've made small investigation, and discovered, that it just hasn't permissions to read /etc/shadow(i've made /etc/shadow world readable and xscreensaver accepted local password, but obviously it's not secure), as it's not suid'ed. Not sure if it's bug, could be misconfiguration. ---- installed version: x11-misc/xscreensaver-4.24 ---- boda@boda ~ $ ls -l `which xscreensaver` -rwxr-xr-x 1 root root 223196 Май 24 14:00 /usr/bin/xscreensaver ---- boda ~ # grep -E -v "^#|^$" /etc/pam.d/xscreensaver auth include system-auth ---- boda ~ # grep -E "^auth" /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_ldap.so auth sufficient pam_unix.so try_first_pass likeauth nullok auth required pam_deny.so ---- from /var/log/messages: May 31 10:22:07 boda xscreensaver: pam_ldap: error trying to bind as user "uid=boda,ou=People,ou=zt,o=wap3,c=ua" (Invalid credentials) May 31 10:22:07 boda xscreensaver(pam_unix)[16810]: authentication failure; logname= uid=4106 euid=4106 tty=:0.0 ruser= rhost= user=boda May 31 10:22:08 boda xscreensaver(pam_unix)[16810]: authentication failure; logname= uid=4106 euid=4106 tty=:0.0 ruser= rhost= user=root May 31 10:22:10 boda xscreensaver[16810]: FAILED LOGIN 1 ON DISPLAY ":0.0", FOR "boda" ---- boda@boda ~ $ emerge --info Portage 2.0.54-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r3, 2.6.16-gentoo-r7 i686) ================================================================= System uname: 2.6.16-gentoo-r7 i686 Intel(R) Celeron(R) CPU 2.53GHz Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 dev-python/pycrypto: [Not Present] dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="ru_RU.UTF-8" LC_ALL="" LINGUAS="ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac alsa apache2 apm asf audiofile automount avi berkdb bitmap-fonts bluetooth bonobo bzip2 cdr cgi cli crypt cups curl curlwrappers dba dga divx4linux dri dv dvb dvd dvdr dvdread eds emboss encode esd exif expat fam fastcgi fbcon ffmpeg flac foomaticdb fortran ftp gd gdbm gif glut gnome gpm gstreamer gtk gtk2 gtkhtml hal iconv icq idn imagemagick imap imlib ipv6 isdnlog jabber java javascript jpeg lame lcms ldap libg++ libwww lm_sensors mad mbox mikmod mime mmx mmxext mng motif mozilla mp3 mpeg mysql mysqli ncurses nls nptl nptlonly nsplugin ogg opengl openldap oss pam pcntl pcre pdflib perl php png posix pppd python quicktime readline recode reflection samba sdl session sharedmem slang soap sockets speex spell spl sse sse2 ssl tcpd theora tidy tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales utf8 v4l v4l2 vcd vhosts vorbis win32codecs wma wxwindows x86 xine xinerama xml xml2 xmms xorg xosd xsl xv xvid zlib linguas_ru userland_GNU kernel_linux elibc_glibc" Unset: CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS
*** Bug 135019 has been marked as a duplicate of this bug. ***
Is this still a problem? Report from up-to-date system, please.
(In reply to comment #2) > Is this still a problem? Report from up-to-date system, please. > unfortunately yes, still problem. --- boda@boda ~ $ emerge --info x11-misc/xscreensaver Portage 2.1.2-r9 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r5 i686) ================================================================= System Settings ================================================================= System uname: 2.6.19-gentoo-r5 i686 Intel(R) Celeron(R) CPU 2.53GHz Gentoo Base System release 1.12.9 Timestamp of tree: Mon, 26 Feb 2007 03:00:01 +0000 dev-java/java-config: 1.3.7, 2.0.31 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.14 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="ru_RU.UTF-8" LC_ALL="" LINGUAS="ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac aalib aiglx alsa apache2 asf audacious audiofile automount berkdb bitmap-fonts bluetooth bonobo buttons bzip2 cairo cdr cgi chardet cli concurrentmodphp cracklib crypt cups curl curlwrappers dba dbus dga divx divx4linux dri dv dvb dvd dvdr dvdread eds emboss encode exif expat fam fastbuild fastcgi fbcon ffmpeg firefox flac foomaticdb fortran ftp gaim gd gdbm gif glitz glut gmail gmedia gnome gpm gstreamer gtk gtk2 gtkhtml hal httpd iconv icq idn imagemagick imap ipv6 isdnlog jabber java javascript jpeg lame lcms ldap libcaca libg++ live lm_sensors mad mbox midi mikmod mime mmx mmxext mng mozbranding mozdevelop mozilla mp3 mpeg mysql mysqli ncurses nls nptl nptlonly nsplugin ogg openal opengl openldap overload pam pcntl pcre pdf pdo perl php png pop posix ppds pppd python qt3 qt4 quicktime readline real realmedia reflection rtsp samba sdl session sharedmem shout simplexml slang soap sockets speex spell spl sse sse2 ssl stream svg tcpd theora thunderbird tidy tiff truetype truetype-fonts type1-fonts unicode usb userlocales utf8 v4l v4l2 vcd vhosts vlm vnc vorbis win32codecs wma wmp wxwindows x86 xine xinerama xml xml2 xorg xosd xsl xv xvid zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" FOO2ZJS_DEVICES="hp1020" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" USERLAND="GNU" VIDEO_CARDS="radeon vesa" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= x11-misc/xscreensaver-5.01-r2 was built with the following: CFLAGS="-O3 -U__VEC__ -fomit-frame-pointer -march=pentium4 -mtune=i686 -pipe" CXXFLAGS="-O3 -U__VEC__ -fomit-frame-pointer -march=pentium4 -mtune=i686 -pipe"
I don't expect it to be fixed with 5.02 but could you still verify? Blame me for hating stale bugs, and not having ldap setupped for testing.
(In reply to comment #4) > I don't expect it to be fixed with 5.02 but could you still verify? Blame me > for hating stale bugs, and not having ldap setupped for testing. > You're right, bug is still here :) boda@boda ~ $ emerge --info xscreensaver Portage 2.1.2.7 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.5-r3, 2.6.20-gentoo-r8 i686) ================================================================= System Settings ================================================================= System uname: 2.6.20-gentoo-r8 i686 Intel(R) Celeron(R) CPU 2.53GHz Gentoo Base System release 1.12.9 Timestamp of tree: Mon, 04 Jun 2007 02:00:01 +0000 dev-java/java-config: 1.3.7, 2.0.32 dev-lang/python: 2.4.4-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.16 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-O3 -pipe -mtune=i686 -march=pentium4 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="ru_RU.UTF-8" LC_ALL="" LINGUAS="ru" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage /usr/local/portage/layman/mozilla" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac aalib acpi aiglx alsa apache2 asf audacious audiofile automount berkdb bitmap-fonts bluetooth bonobo branding buttons bzip2 cairo cdr cgi chardet cli concurrentmodphp cracklib crypt cscope ctype cups curl curlwrappers cvs dba dbus dga divx divx4linux dri dv dvb dvd dvdr dvdread eds emboss encode evo exif expat fam fastbuild fastcgi fbcon ffmpeg firefox flac foomaticdb fortran ftp gaim gd gdbm gif glitz glut gmail gmedia gnome gpm gstreamer gtk gtk2 hal httpd iconv icq idn imagemagick imap ipv6 isdnlog jabber java javascript jpeg lame lcms ldap libcaca libg++ live lm_sensors mad mbox midi mikmod mime mmx mmxext mng mozbranding mozdevelop mozilla moznopango mp3 mpeg mudflap mysql mysqli ncurses new-login nls nptl nptlonly nsplugin ogg openal opengl openldap openmp overload pam pcntl pcre pdf pdo perl php png pop posix pppd python qt3 qt3support qt4 quicktime readline real realmedia reflection rtsp samba sdl session sharedmem shout simplexml slang soap sockets speex spell spl sse sse2 ssl stream svg tcpd theora thunderbird tidy tiff tkhtml truetype truetype-fonts type1-fonts unicode usb userlocales utf8 v4l v4l2 vcd vhosts vim-pager vim-with-x vlm vnc vorbis win32codecs wma wmp wxwindows x86 xine xinerama xml xml2 xorg xosd xsl xv xvid zlib" ALSA_CARDS="intel8x0" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" FOO2ZJS_DEVICES="hp1020" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru" USERLAND="GNU" VIDEO_CARDS="radeon vesa fglrx" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ================================================================= Package Settings ================================================================= x11-misc/xscreensaver-5.02 was built with the following: CFLAGS="-O3 -U__VEC__ -fomit-frame-pointer -march=pentium4 -mtune=i686 -pipe" CXXFLAGS="-O3 -U__VEC__ -fomit-frame-pointer -march=pentium4 -mtune=i686 -pipe"
There are two solutions to xscreensaver being unable to read /etc/shadow: 1: make the xscreensaver binary be setuid (this is safe, and this situation is just what it's for) 2: use PAM instead of getpwent (this assumes that the PAM stack has a setuid helper in there somewhere, which it typically does). In other words, if non-root PAM clients have the ability to authenticate, then xscreensaver doesn't need to be able to read /etc/shadow at all (because something in PAM does it for us).
(In reply to comment #6) > 2: use PAM instead of getpwent (this assumes that the PAM stack has a setuid > helper in there somewhere, which it typically does). Indeed pam use flag is on for xscreensaver: boda@boda ~ $ eix '^xscreensaver$' [I] x11-misc/xscreensaver Available versions: 5.01-r2 5.02 ~5.02-r1 ~5.02-r2 Installed versions: 5.02(12:25:16 04.05.2007)(gnome -insecure-savers jpeg new-login -offensive opengl pam xinerama) Homepage: http://www.jwz.org/xscreensaver Description: A modular screen saver and locker for the X Window System --- Also strange thing is that pam_ldap works perfect for me, pam_unix doesn't.
(In reply to comment #6) > There are two solutions to xscreensaver being unable to read /etc/shadow: > > 1: make the xscreensaver binary be setuid (this is safe, and this situation is > just what it's for) Methinks if it can be avoided it should so going with number two here. :-) > 2: use PAM instead of getpwent (this assumes that the PAM stack has a setuid > helper in there somewhere, which it typically does). We are supposed to be doing that allready.. -rws--x--x 1 root root 20024 Mar 23 22:58 /sbin/unix_chkpwd /etc/pam.d/xscreensaver: auth include system-auth
Debian installs this, # # /etc/pam.d/xscreensaver - PAM behavior for xscreensaver # @include common-auth
@pam: These pam.d files, which one is correct? If any. Thanks. :)
(In reply to comment #5) > (In reply to comment #4) > > I don't expect it to be fixed with 5.02 but could you still verify? Blame me > > for hating stale bugs, and not having ldap setupped for testing. > > > You're right, bug is still here :) Could you try file in Comment #9.. ?
(In reply to comment #11) > Could you try file in Comment #9.. ? Just tried: /var/log/messages: Jun 12 12:41:42 boda xscreensaver: PAM (xscreensaver) illegal module type: @include Jun 12 12:41:42 boda xscreensaver: PAM pam_parse: expecting return value; [...common-auth] Jun 12 12:41:42 boda xscreensaver: PAM (xscreensaver) no module name supplied Jun 12 12:41:42 boda xscreensaver: PAM unable to dlopen(<*unknown module path*>) Jun 12 12:41:42 boda xscreensaver: PAM [dlerror: <*unknown module path*>: cannot open shared object file: No such file or directory] Jun 12 12:41:42 boda xscreensaver: PAM adding faulty module: <*unknown module path*> Jun 12 12:41:50 boda xscreensaver: PAM (xscreensaver) illegal module type: @include Jun 12 12:41:50 boda xscreensaver: PAM pam_parse: expecting return value; [...common-auth] Jun 12 12:41:50 boda xscreensaver: PAM (xscreensaver) no module name supplied Jun 12 12:41:50 boda xscreensaver: PAM unable to dlopen(<*unknown module path*>) Jun 12 12:41:50 boda xscreensaver: PAM [dlerror: <*unknown module path*>: cannot open shared object file: No such file or directory] Jun 12 12:41:50 boda xscreensaver: PAM adding faulty module: <*unknown module path*> ---
So we install xscreensaver suid root when it's build with USE="-pam" and with USE="pam" we install file.. /etc/pam.d/xscreensaver: auth include system-auth ..which seems correct to me. pam, jwz, any clue?
That sounds right to me too... running xscreensaver with --verbose might provide some clues.
(In reply to comment #14) > That sounds right to me too... running xscreensaver with --verbose might > provide some clues. > boda@boda ~ $ xscreensaver -verbose xscreensaver 5.02, copyright (c) 1991-2006 by Jamie Zawinski <jwz@jwz.org>. xscreensaver: running as boda/usera (4106/4999) xscreensaver: in process 26044. xscreensaver: 17:20:49: 0: xscreensaver-gl-helper: GL visual is 0x27. xscreensaver: 17:20:49: running on display ":0.0" (1 screen). xscreensaver: 17:20:49: vendor is The X.Org Foundation, 70200000. xscreensaver: 17:20:49: useful extensions: xscreensaver: 17:20:49: MIT Screen-Saver <-- not supported at compile time! xscreensaver: 17:20:49: Shared Memory xscreensaver: 17:20:49: Double-Buffering xscreensaver: 17:20:49: Power Management xscreensaver: 17:20:49: GLX xscreensaver: 17:20:49: XF86 Video-Mode xscreensaver: 17:20:49: Resize-and-Rotate xscreensaver: 17:20:49: screen 0 non-colormapped depths: 24. xscreensaver: 17:20:49: selecting RANDR events xscreensaver: 17:20:49: consulting /proc/interrupts for keyboard activity. xscreensaver: 17:20:49: 0: visual 0x23 (TrueColor, depth: 24, cmap: default) xscreensaver: 17:20:49: 0: saver window is 0x3a00001. xscreensaver: 17:20:49: selecting events on extant windows... done. xscreensaver: 17:20:49: awaiting idleness. xscreensaver: 17:20:54: LOCK ClientMessage received; activating and locking. xscreensaver: 17:20:54: 0: locked mode switching. xscreensaver: 17:20:54: blanking screen at Wed Jun 13 17:20:54 2007. xscreensaver: 17:20:54: 0: grabbing keyboard on 0x75... GrabSuccess. xscreensaver: 17:20:54: 0: grabbing mouse on 0x75... GrabSuccess. xscreensaver: 17:20:54: fading... xscreensaver: 17:20:56: fading done. xscreensaver: 17:20:58: prompting for password. xscreensaver: 17:20:58: pam_start ("xscreensaver", "boda", ...) ==> 0 (Success) xscreensaver: 17:20:58: pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success) xscreensaver: 17:20:58: 0: creating password dialog. xscreensaver: 17:20:58: 0: mouse is at 601,376. xscreensaver: 17:20:58: 0: creating password dialog. xscreensaver: 17:20:58: grabbing server... xscreensaver: 17:20:58: 0: ungrabbing mouse (was 0x75). xscreensaver: 17:20:58: 0: grabbing mouse on 0x3a00010... GrabSuccess. xscreensaver: 17:20:58: ungrabbing server. xscreensaver: 17:21:01: input finished. xscreensaver: 17:21:02: 0: creating password dialog. xscreensaver: 17:21:02: grabbing server... xscreensaver: 17:21:02: 0: ungrabbing mouse (was 0x3a00010). xscreensaver: 17:21:02: 0: grabbing mouse on 0x3a00010... GrabSuccess. xscreensaver: 17:21:02: ungrabbing server. ---
That all looks totally normal to me: - xscreensaver is not setuid; - xscreensaver is not calling getpwent() or consulting /etc/shadow; - the PAM calls are succeeding on the first try. So, if /etc/shadow is not being consulted, that's because your PAM configuration is not set up to check it. xscreensaver only uses getpwent() if you don't have PAM. (That's kind of the point of PAM.) So, whatever the problem is, I think it's in the PAM configuration. Maybe there's some way to turn logging on down inside of PAM? I have no idea.
(In reply to comment #16) > So, whatever the problem is, I think it's in the PAM configuration. Maybe > there's some way to turn logging on down inside of PAM? I have no idea. I have to agree on here, reassigning bug to pam-bugs as they likely have better clue of what is going on.
Alexander, could you retry with xscreensaver-5.08. If it still fails, please, gather debug output another time. It looks like more debug statements were added in pam related code inside xscreensaver, so probably we'll understand what's going on there...
(In reply to comment #18) > Alexander, could you retry with xscreensaver-5.08. If it still fails, please, > gather debug output another time. It looks like more debug statements were > added in pam related code inside xscreensaver, so probably we'll understand > what's going on there... > just tried x11-misc/xscreensaver-5.07 run "xscreensaver -verbose" and "xscreensaver-command -lock" on another console Both ldap and local passwords are accepted now. LDAP password causes output in xscreensaver: xscreensaver: 12:28:09: LOCK ClientMessage received; activating and locking. xscreensaver: 12:28:09: 0: locked mode switching. xscreensaver: 12:28:09: blanking screen at Wed Jan 21 12:28:09 2009. xscreensaver: 12:28:09: 0: grabbing keyboard on 0x64... GrabSuccess. xscreensaver: 12:28:09: 0: grabbing mouse on 0x64... GrabSuccess. xscreensaver: 12:28:09: fading... xscreensaver: 12:28:11: fading done. xscreensaver: 12:28:12: pam_start ("xscreensaver", "boda", ...) ==> 0 (Success) xscreensaver: 12:28:12: pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success) xscreensaver: 12:28:12: pam_authenticate (...) ... xscreensaver: 12:28:12: pam_conversation (ECHO_OFF="Password: ") ... xscreensaver: 12:28:12: 0: mouse is at 727,289. xscreensaver: 12:28:12: 0: creating password dialog ("") xscreensaver: 12:28:12: grabbing server... xscreensaver: 12:28:12: 0: ungrabbing mouse (was 0x64). xscreensaver: 12:28:12: 0: grabbing mouse on 0xc00010... GrabSuccess. xscreensaver: 12:28:12: ungrabbing server. xscreensaver: 12:28:15: input finished. xscreensaver: 12:28:15: pam_conversation (...) ==> PAM_SUCCESS xscreensaver: 12:28:17: pam_authenticate (...) ==> 7 (Authentication failure) xscreensaver: 12:28:17: pam_end (...) ==> 0 (Success) xscreensaver: 12:28:17: authentication via PAM failed. xscreensaver: 12:28:17: authentication via normal succeeded. xscreensaver: 12:28:17: grabbing server... xscreensaver: 12:28:17: 0: ungrabbing mouse (was 0xc00010). xscreensaver: 12:28:17: 0: grabbing mouse on 0x64... GrabSuccess. xscreensaver: 12:28:17: ungrabbing server. xscreensaver: 12:28:17: 0: moving mouse back to 727,289. xscreensaver: 12:28:17: 0: destroying password dialog. xscreensaver: 12:28:17: unblanking screen at Wed Jan 21 12:28:17 2009. xscreensaver: 12:28:17: 0: ungrabbing mouse (was 0x64). xscreensaver: 12:28:17: 0: ungrabbing keyboard (was 0x64). xscreensaver: 12:28:17: 0: unlocked mode switching. xscreensaver: 12:28:17: starting de-race timer (10 seconds.) xscreensaver: 12:28:17: awaiting idleness. xscreensaver: 12:28:27: de-race completed. ---- Local password: xscreensaver: 12:29:25: LOCK ClientMessage received; activating and locking. xscreensaver: 12:29:25: 0: locked mode switching. xscreensaver: 12:29:25: blanking screen at Wed Jan 21 12:29:25 2009. xscreensaver: 12:29:25: stopping de-race timer (4 remaining.) xscreensaver: 12:29:25: 0: grabbing keyboard on 0x64... GrabSuccess. xscreensaver: 12:29:25: 0: grabbing mouse on 0x64... GrabSuccess. xscreensaver: 12:29:25: fading... xscreensaver: 12:29:27: fading done. xscreensaver: 12:29:28: pam_start ("xscreensaver", "boda", ...) ==> 0 (Success) xscreensaver: 12:29:28: pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success) xscreensaver: 12:29:28: pam_authenticate (...) ... xscreensaver: 12:29:28: pam_conversation (ECHO_OFF="Password: ") ... xscreensaver: 12:29:28: 0: mouse is at 642,93. xscreensaver: 12:29:28: 0: creating password dialog ("") xscreensaver: 12:29:28: grabbing server... xscreensaver: 12:29:28: 0: ungrabbing mouse (was 0x64). xscreensaver: 12:29:28: 0: grabbing mouse on 0xc0010a... GrabSuccess. xscreensaver: 12:29:28: ungrabbing server. xscreensaver: 12:29:30: input finished. xscreensaver: 12:29:30: pam_conversation (...) ==> PAM_SUCCESS xscreensaver: 12:29:30: pam_authenticate (...) ==> 0 (Success) xscreensaver: 12:29:30: pam_acct_mgmt (...) ==> 7 (Authentication failure) xscreensaver: 12:29:30: pam_setcred (...) ==> 0 (Success) xscreensaver: 12:29:30: pam_end (...) ==> 0 (Success) xscreensaver: 12:29:30: grabbing server... xscreensaver: 12:29:30: 0: ungrabbing mouse (was 0xc0010a). xscreensaver: 12:29:30: 0: grabbing mouse on 0x64... GrabSuccess. xscreensaver: 12:29:30: ungrabbing server. xscreensaver: 12:29:30: 0: moving mouse back to 642,93. xscreensaver: 12:29:30: 0: destroying password dialog. xscreensaver: 12:29:30: unblanking screen at Wed Jan 21 12:29:30 2009. xscreensaver: 12:29:31: 0: ungrabbing mouse (was 0x64). xscreensaver: 12:29:31: 0: ungrabbing keyboard (was 0x64). xscreensaver: 12:29:31: 0: unlocked mode switching. xscreensaver: 12:29:31: starting de-race timer (10 seconds.) xscreensaver: 12:29:31: awaiting idleness. xscreensaver: 12:29:41: de-race completed. --- Should i try x11-misc/xscreensaver-5.08? I guess issue has gone, at least it has for me.
Created attachment 179165 [details] emerge --info and some other information
(In reply to comment #19) > Both ldap and local passwords are accepted now. > Should i try x11-misc/xscreensaver-5.08? > I guess issue has gone, at least it has for me. > So if I read correct it is working for you now, and you are the only one reporting this issue here (and the original reporter) I see absolutely no reason to keep this bug open. Closing as reporter reports it doesn't fail anymore.