xscreensaver won't unlock (nsscache issue, closed)

google commented on August 19, 2024
xscreensaver won't unlock

from nsscache.

Comments (4)

jaqx0r commented on August 19, 2024

Comment #1 originally posted by jaqx0r on 2014-09-16T10:09:00.000Z:

Hello

Did you cache the shadow, and could you be authenticated normally on PAM?

jaqx0r commented on August 19, 2024

Comment #2 originally posted by jaqx0r on 2014-09-16T11:36:47.000Z:

I've tried with pamtester and it doesn't work either:

baca@PC2101 ~ $ ls -l /etc/shadow.cache*
-rw-r----- 1 root root 125392 sep 15 21:02 /etc/shadow.cache
-rw-r----- 1 root root 27869 sep 15 21:02 /etc/shadow.cache.ixname
baca@PC2101 ~ $ pamtester login baca authenticate
Password:
pamtester: Authentication failure

Relevant lines in auth.log:

PC2101 ~ # tail -3 /var/log/auth.log
Sep 16 13:23:53 PC2101 unix_chkpwd[13229]: check pass; user unknown
Sep 16 13:23:53 PC2101 unix_chkpwd[13229]: password check failed for user (baca)
Sep 16 13:23:53 PC2101 pamtester: pam_unix(login:auth): authentication failure; logname=baca uid=10714 euid=10714 tty= ruser= rhost= user=baca

After 'chgrp shadow /etc/shadow.cache*' authentication works normally:

baca@PC2101 ~ $ ls -l /etc/shadow.cache*
-rw-r----- 1 root shadow 125392 sep 15 21:02 /etc/shadow.cache
-rw-r----- 1 root shadow 27869 sep 15 21:02 /etc/shadow.cache.ixname
baca@PC2101 ~ $ pamtester login baca authenticate
Password:
pamtester: successfully authenticated

Note that if I run pamtester as root, it works regardless of the cache files' ownership:

PC2101 ~ # ls -l /etc/shadow.cache*
-rw-r----- 1 root root 125392 sep 15 21:02 /etc/shadow.cache
-rw-r----- 1 root root 27869 sep 15 21:02 /etc/shadow.cache.ixname
PC2101 ~ # pamtester login baca authenticate
Password:
pamtester: successfully authenticated
PC2101 ~ #

But this is not the case with xscreensaver, which runs as the logged-in user.

jaqx0r commented on August 19, 2024

Comment #3 originally posted by jaqx0r on 2014-09-16T12:15:43.000Z:

Just one more piece of info: it looks like the ultimate reason why /etc/shadow* must be chgrp'ed shadow is that /sbin/unix_chkpwd (used by pam_unix) is setgid shadow:

PC2101 ~ # ls -l /sbin/unix_chkpwd
-rwxr-sr-x 1 root shadow 30432 ene 31 2014 /sbin/unix_chkpwd

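The condition comments #2 and #3 arrive at, written as a check (an added example, not part of the thread or of nsscache): for a non-root caller who does not own the file, the setgid helper can read the cache only through its group, so the file's group must match the helper's and carry group read. The function names are hypothetical, the gids 0 and 42 are constructed stand-ins for root and shadow, and `stat -c` assumes GNU stat.

```shell
#!/bin/sh
# Added example. Modes are octal strings as printed by `stat -c %a`.

# helper_can_read HELPER_MODE HELPER_GID FILE_MODE FILE_GID
# 0 = readable through the helper's group only
# 1 = helper cannot read the file   2 = file is world-readable
# 3 = helper is not setgid
helper_can_read() {
    hmode=$1 hgid=$2 fmode=$3 fgid=$4
    # Without the setgid bit (02000) the helper runs with the caller's groups.
    [ $(( 0$hmode & 02000 )) -ne 0 ] || return 3
    # Other-read (0004) would hand the hashes to every local user.
    [ $(( 0$fmode & 0004 )) -eq 0 ] || return 2
    # Group must match the helper's and group-read (0040) must be set.
    if [ "$hgid" = "$fgid" ] && [ $(( 0$fmode & 0040 )) -ne 0 ]; then
        return 0
    fi
    return 1
}

# check_shadow_cache HELPER FILE...  (real files; needs GNU stat)
check_shadow_cache() {
    helper=$1; shift
    hstat=$(stat -c '%a %g' "$helper") || return 4
    status=0
    for f in "$@"; do
        fstat=$(stat -c '%a %g' "$f") || { status=4; continue; }
        rc=0
        # Unquoted on purpose: each variable holds "MODE GID".
        helper_can_read $hstat $fstat || rc=$?
        case $rc in
            0) echo "OK   $f" ;;
            1) echo "FAIL $f: not readable by the group of $helper" ;;
            2) echo "FAIL $f: world-readable" ;;
            3) echo "FAIL $helper is not setgid" ;;
        esac
        [ "$rc" -eq 0 ] || status=1
    done
    return $status
}

# The two states from the thread: helper -rwxr-sr-x (2755), cache -rw-r----- (640).
# Constructed gids: 0 stands for root, 42 for shadow.
for fgid in 0 42; do
    rc=0
    helper_can_read 2755 42 640 "$fgid" || rc=$?
    echo "cache gid=$fgid -> status $rc"
done
# On a real host: check_shadow_cache /sbin/unix_chkpwd /etc/shadow.cache*
```

Status 2 is reported separately because making the cache world-readable would also let authentication succeed, at the cost of exposing the password hashes to every local account.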
jaqx0r commented on August 19, 2024

Comment #4 originally posted by jaqx0r on 2014-10-20T05:00:09.000Z:

Applied in github master.
