Bug 61237

Summary: xscreensaver-gnome usage of --without-pam inconsistent with gdm
Product: Ports & Packages Reporter: Sean McNeil <sean>
Component: Individual Port(s)Assignee: freebsd-gnome (Nobody) <gnome>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Sean McNeil 2004-01-12 10:30:16 UTC 
      gdm and xscreensaver-gnome should be consistent in behavior.  Currently, if an authentication mechanism other than passwd file is used via. PAM (such as NIS or LDAP), gdm will allow login properly.  If xscreensaver-gnome is setup to lock the screen, that user will have no means of unlocking the screen as PAM is not enabled with xscreensaver-gnome.  Further, there is no mechanism to compile xscreensaver-gnome with PAM support other than editing the Makefile to remove the --without-pam option.

Fix: 

Either

1) remove the --without-pam option from xscreensaver-gnome/Makefile and be consistent with gdm
2) use WITHOUT_PAM to selectively set the --without-pam option
3) use WITH_PAM to selectively remove the --without-pam option
How-To-Repeat: setup a system with NIS or LDAP support.  Log into gdm with a user not in the /etc/passwd file but in NIS or LDAP.  Setup xscreensaver to lock the screen.  Lock the screen.  Attempt to unlock the screen with users password (not root password).
Comment 1 Pav Lucistnik freebsd_committer freebsd_triage 2004-01-12 21:03:57 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->gnome

Over to maintainer(s).
Comment 2 Joe Marcus Clarke freebsd_committer freebsd_triage 2004-02-02 07:40:44 UTC 
State Changed
From-To: open->analyzed

I'll look at the consequences of enabling PAM support unconditionally.  I 
agree there should be consistency within the desktop.
Comment 3 Joe Marcus Clarke freebsd_committer freebsd_triage 2004-02-02 19:49:46 UTC 
State Changed
From-To: analyzed->closed

I added support for optional PAM support as compiling with PAM by default at 
this point would be a violation of POLA.