[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bigger annoyance with locking.
From: |
Dan Mahoney, System Admin |
Subject: |
Re: Bigger annoyance with locking. |
Date: |
Fri, 14 Nov 2008 00:19:58 -0500 (EST) |
User-agent: |
Alpine 2.00 (BSF 1167 2008-08-23) |
On Thu, 13 Nov 2008, Dan Mahoney, System Admin wrote:
Concise: Because not all systems have PAM, and some of those lack standard
getpw* interface to get the encrypted password. Heck, in some there IS no
password.
Detailed: Kerberos and ssh-keys are two such examples. I am sure there's at
least one or two others, obscure though they may be.
By the way, I fully admit that I'm an edge case here. I've been using
screen for about 13 years now and haven't seen this before now. But the
edge case does exist, and there IS code already within screen to handle
it.
It's not some "else" statement where there's an assertion fail, that you
should never get to. Someone put that prompting code there for a reason,
and I've reached it by all the parameters with which it was written in
mind being true.
Just by looking at the date, I know the builtin screenlock pre-dates PAM
(1985!). It *may* also pre-date screen having a detach/reattach password,
With code this old it's hard to search back and see what was added when.
My argument is simply that IN that edge case (slim that it is) -- we add a
line of code that says "if we have a password, inherit it". If we don't,
THEN emulate lock(1) and prompt for a key, just as we do now.
Conveniently, checking a login password from a locked screen and checking
against a crypt'd password in memory is the exact same call.
While the context of the "foreground" and "background" screens is a bit
odd to me, I don't see why both wouldn't have access to all the data in
the config file. I get a screen that locks itself securely, every time --
the rest of the linux world goes on using pam like they always have, and
everyone's happy.
-Dan
--
[23:49:00] LarpGM: Did my little TP comment scare you off?
[23:49:22] ilzarion: no, the shrieking retarded child eating people did
-Feb 06, 2001, times apparent.
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
- Re: Bigger annoyance with locking., (continued)
- Re: Bigger annoyance with locking., Micah Cowan, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/13
- Re: Bigger annoyance with locking.,
Dan Mahoney, System Admin <=
- Re: Bigger annoyance with locking., Andrew Deason, 2008/11/16
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/16
- Re: Bigger annoyance with locking., Dan Mahoney, System Admin, 2008/11/20
- Re: Bigger annoyance with locking., Trent W. Buck, 2008/11/13