From nobody@FreeBSD.org  Mon Jan 12 02:28:08 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B99F216A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Jan 2004 02:28:08 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 106A143D72
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Jan 2004 02:26:56 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i0CAQ6dL003555
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 12 Jan 2004 02:26:06 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i0CAQ6bX003546;
	Mon, 12 Jan 2004 02:26:06 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200401121026.i0CAQ6bX003546@www.freebsd.org>
Date: Mon, 12 Jan 2004 02:26:06 -0800 (PST)
From: Sean McNeil <sean@mcneil.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: xscreensaver-gnome usage of --without-pam inconsistent with gdm
X-Send-Pr-Version: www-2.0

>Number:         61237
>Category:       ports
>Synopsis:       xscreensaver-gnome usage of --without-pam inconsistent with gdm
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    gnome
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 12 02:30:16 PST 2004
>Closed-Date:    Mon Feb 02 11:50:23 PST 2004
>Last-Modified:  Mon Feb 02 11:50:23 PST 2004
>Originator:     Sean McNeil
>Release:        freebsd-current
>Organization:
Sean McNeil Consulting, Inc
>Environment:
FreeBSD server.mcneil.com 5.2-CURRENT FreeBSD 5.2-CURRENT #18: Mon Jan 12 00:15:07 PST 2004     root@server.mcneil.com:/usr/obj/usr/src/sys/AMD  i386

>Description:
      gdm and xscreensaver-gnome should be consistent in behavior.  Currently, if an authentication mechanism other than passwd file is used via. PAM (such as NIS or LDAP), gdm will allow login properly.  If xscreensaver-gnome is setup to lock the screen, that user will have no means of unlocking the screen as PAM is not enabled with xscreensaver-gnome.  Further, there is no mechanism to compile xscreensaver-gnome with PAM support other than editing the Makefile to remove the --without-pam option.
>How-To-Repeat:
setup a system with NIS or LDAP support.  Log into gdm with a user not in the /etc/passwd file but in NIS or LDAP.  Setup xscreensaver to lock the screen.  Lock the screen.  Attempt to unlock the screen with users password (not root password).

>Fix:
Either

1) remove the --without-pam option from xscreensaver-gnome/Makefile and be consistent with gdm
2) use WITHOUT_PAM to selectively set the --without-pam option
3) use WITH_PAM to selectively remove the --without-pam option

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->gnome 
Responsible-Changed-By: pav 
Responsible-Changed-When: Mon Jan 12 13:03:57 PST 2004 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61237 
State-Changed-From-To: open->analyzed 
State-Changed-By: marcus 
State-Changed-When: Sun Feb 1 23:40:44 PST 2004 
State-Changed-Why:  
I'll look at the consequences of enabling PAM support unconditionally.  I 
agree there should be consistency within the desktop. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61237 
State-Changed-From-To: analyzed->closed 
State-Changed-By: marcus 
State-Changed-When: Mon Feb 2 11:49:46 PST 2004 
State-Changed-Why:  
I added support for optional PAM support as compiling with PAM by default at 
this point would be a violation of POLA. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=61237 
>Unformatted:
