gdm and xscreensaver-gnome should be consistent in behavior. Currently, if an authentication mechanism other than passwd file is used via. PAM (such as NIS or LDAP), gdm will allow login properly. If xscreensaver-gnome is setup to lock the screen, that user will have no means of unlocking the screen as PAM is not enabled with xscreensaver-gnome. Further, there is no mechanism to compile xscreensaver-gnome with PAM support other than editing the Makefile to remove the --without-pam option. Fix: Either 1) remove the --without-pam option from xscreensaver-gnome/Makefile and be consistent with gdm 2) use WITHOUT_PAM to selectively set the --without-pam option 3) use WITH_PAM to selectively remove the --without-pam option How-To-Repeat: setup a system with NIS or LDAP support. Log into gdm with a user not in the /etc/passwd file but in NIS or LDAP. Setup xscreensaver to lock the screen. Lock the screen. Attempt to unlock the screen with users password (not root password).
Responsible Changed From-To: freebsd-ports-bugs->gnome Over to maintainer(s).
State Changed From-To: open->analyzed I'll look at the consequences of enabling PAM support unconditionally. I agree there should be consistency within the desktop.
State Changed From-To: analyzed->closed I added support for optional PAM support as compiling with PAM by default at this point would be a violation of POLA.