Hi This is an error I was getting on xscreensaver that i noticed was being caused by pam. I tied the debian-user list, but thought it more appropriate in deb-sec basically I have this in my common-auth auth [success=1 default=ignore] pam_unix2.so auth required pam_ldap.so use_first_pass auth required pam_permit.so and I get this error when I attempt to unlock my xscreensaver from a verbose xscreensaver pam_conversation (...) ==> PAM_SUCCESS xscreensaver: 06:43:16: pam_conversation (TEXT_INFO="Permissions on the password database may be too restrictive.") . from pam_unix2 debug Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): pam_sm_authenticate() called Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): username=[alex] Apr 23 06:54:59 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): wrong password, return PAM_AUTH_ERR Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred() called Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): username=[alex] Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred: PAM_SUCCESS I have had this setup for a while, so I am not sure what has changed recently. thanks Alex On Wed, Apr 23, 2008 at 06:36:02AM +1000, Alex Samad wrote: > Hi > > I use xscreensaver 5.05-1, and I am using ldap users (nss-ldapd & > pam-ldap). Just recently I have noticed that when I unlock xscreensaver > I get > > permissions on the password database maybe too restrictive > > not sure where to look for this, xscreensaver seems to be the only app > having problems > > > I can > getent passwd alex > getent passwd > getent groups > id > id alex > > but I have just realised I can't > getent shadow > getent shadow alex > > i see nothing, > > but I can > sudo getent shadow > > I presume that is normal > > I turned on xscreensaver verbose flag and found this pam_conversation (...) ==> PAM_SUCCESS xscreensaver: 06:43:16: pam_conversation (TEXT_INFO="Permissions on the password database may be too restrictive.") . this is in my common-auth auth [success=1 default=ignore] pam_unix2.so auth required pam_ldap.so use_first_pass auth required pam_permit.so I have added some debugging with auth [success=1 default=ignore] pam_unix2.so debug and I have this in my logs now Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): pam_sm_authenticate() called Apr 23 06:54:58 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): username=[alex] Apr 23 06:54:59 hufpuf xscreensaver: pam_unix2(xscreensaver:auth): wrong password, return PAM_AUTH_ERR Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred() called Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): username=[alex] Apr 23 06:55:00 hufpuf xscreensaver: pam_unix2(xscreensaver:setcred): pam_sm_setcred: PAM_SUCCESS Not sure who to report a bug against Alex ----- End forwarded message ----- -- "All up and down the different aspects of our society, we had meaningful discussions. Not only in the Cabinet Room, but prior to this and after this day, our secretaries, respective secretaries, will continue to interact to create the conditions necessary for prosperity to reign." - George W. Bush 05/19/2003 Washington, DC
Attachment:
signature.asc
Description: Digital signature