Re: Bigger annoyance with locking.

From: Dan Mahoney, System Admin
Subject: Re: Bigger annoyance with locking.
Date: Fri, 14 Nov 2008 00:19:58 -0500 (EST)
User-agent: Alpine 2.00 (BSF 1167 2008-08-23)

On Thu, 13 Nov 2008, Dan Mahoney, System Admin wrote:

Concise: Because not all systems have PAM, and some of those lack a standard getpw* interface to get the encrypted password. Heck, in some there IS no password.

Detailed: Kerberos and ssh-keys are two such examples. I am sure there's at least one or two others, obscure though they may be.

By the way, I fully admit that I'm an edge case here. I've been using screen for about 13 years now and haven't seen this before now. But the edge case does exist, and there IS code already within screen to handle it.

It's not some "else" statement where there's an assertion fail, that you should never get to. Someone put that prompting code there for a reason, and I've reached it by all the parameters with which it was written in mind being true.

Just by looking at the date, I know the builtin screenlock pre-dates PAM (1985!). It *may* also pre-date screen having a detach/reattach password. With code this old it's hard to search back and see what was added when.

My argument is simply that IN that edge case (slim that it is) -- we add a line of code that says "if we have a password, inherit it". If we don't, THEN emulate lock(1) and prompt for a key, just as we do now.

Conveniently, checking a login password from a locked screen and checking against a crypt'd password in memory is the exact same call.

While the context of the "foreground" and "background" screens is a bit odd to me, I don't see why both wouldn't have access to all the data in the config file. I get a screen that locks itself securely, every time -- the rest of the Linux world goes on using PAM like they always have, and everyone's happy.



[23:49:00] LarpGM: Did my little TP comment scare you off?
[23:49:22] ilzarion: no, the shrieking retarded child eating people did

-Feb 06, 2001, times apparent.

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
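
The fallback proposed in the message above ("if we have a password, inherit it", otherwise prompt for a key, with one verification call serving both), as an added example that is not part of the original post and is not screen's code. PBKDF2 from Python's hashlib stands in for crypt(3), and every function name and sample value here is hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for this example


def hash_password(password, salt=None):
    """Return 'salt_hex$digest_hex'; a stand-in for a crypt(3) string."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(stored, attempt):
    """Re-hash the attempt with the stored salt, compare in constant time."""
    salt_hex, _, _ = stored.partition("$")
    try:
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed reference hash never unlocks
    return hmac.compare_digest(stored, hash_password(attempt, salt))


def lock_reference(configured_hash, prompt_for_key):
    """Choose the hash the lock will check against.

    configured_hash: hash already held from the config file, or None/"".
    prompt_for_key:  callable returning a one-time key typed at lock time;
                     only called when no hash is configured.
    """
    if configured_hash:
        return configured_hash, "inherited"
    return hash_password(prompt_for_key()), "prompted"


def try_unlock(reference, attempt):
    """The same check regardless of where the reference hash came from."""
    return verify(reference, attempt)
```
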
