[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



vorlon@netexpress.net wrote:
> 
> On Fri, 3 Dec 1999, Scott Nelson wrote:
> 
> > I agree with the idea of making a pam solution, but I do not agree with
> > the idea that we should create a module simply for checking root's
> > password -- what if I want to allow the administrator's fingerprint to
> > unlock the screen instead?
> 
> > Perhaps someone could create a module that would change the requested
> > username.  Something like this:
> 
> > xlock auth sufficient /lib/security/pam_pwdb shadow
> > xlock auth required   /lib/security/pam_forceuser user=root
> > xlock auth required   /lib/security/pam_fingerprint
> 
> Such a module would not be sufficient in the scenario described.  Changing
> the requested username does not implicitly give the program the system
> credentials needed to verify the password for that new user.  That might
> work with fingerprinting, but not with passwords (at least on a properly
> secured system).

Then, how about this:

xlock auth sufficient /lib/security/pam_pwdb shadow
xlock auth required   /lib/security/pam_asuser root
/lib/security/pam_pwdb shadow

--
Scott Nelson



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []