[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



>>>>> "Matt" == Matt Drown <panzer@dhp.com> writes:

    Matt> Isn't this a moot point as anyone can walk up to an annoying xlock screen
    Matt> under xfree86 and hit ctrl-alt-backspace? :)

    Matt> You could put the root password in /etc/passwd file with normal encryption
    Matt> and it should work also.  Pam can read crypted passwwords here without
    Matt> root privs?   Sounds bad doesn't it?

    Matt> At this rate, you should just hack up xlock to have a backdoor password it
    Matt> retrieves from some other location, if you want to keep xlock in general.

This is not a good solution, IMO.  It may work, and on non-PAM
systems it's probably the only way to get it done.  However:

First of all, we'd like to be able to put this functionality into
other apps, too, not just xlock, so we'd have to modify each source
individually.  This was one motivation for PAM in the first place: not
having to modify every app when a new security option is introduced.

Second, it forces the option, where some sysadmins will specifically
not want it enabled.  If you wanted to make it an option, then the
user could prevent it's being used, anyway, which undermines one
reason for having it there.

    Matt> The next modification is of course to have it prompt for a
    Matt> password before it locks the screen also.

This would really be a good idea, and perhaps the xlock developer(s)
should hear of this.  However, this doesn't really change what we are
trying to accomplish, and that is a password that can override the
user's xlock.

-bill

-- 
William Evans                 < william . evans @ computer . org >



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []