[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On Fri, 3 Dec 1999, Scott Nelson wrote:

> I agree with the idea of making a pam solution, but I do not agree with
> the idea that we should create a module simply for checking root's
> password -- what if I want to allow the administrator's fingerprint to
> unlock the screen instead?

> Perhaps someone could create a module that would change the requested
> username.  Something like this:

> xlock auth sufficient /lib/security/pam_pwdb shadow
> xlock auth required   /lib/security/pam_forceuser user=root
> xlock auth required   /lib/security/pam_fingerprint

Such a module would not be sufficient in the scenario described.  Changing
the requested username does not implicitly give the program the system
credentials needed to verify the password for that new user.  That might
work with fingerprinting, but not with passwords (at least on a properly
secured system).

-Steve Langasek
postmodern programmer



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []