Bug#631006: gnome-screensaver: unable to unlock screen for ldapusers with non readable /etc/pam_ldap.conf

Tobias Fiebig tobias.fiebig at wouldyoubuythis.net
Sun Jun 19 16:53:52 UTC 2011 

Package: gnome-screensaver
Version: 2.30.0-2squeeze1
Severity: normal

If using ldap-backed accounts on a host, /etc/pam_ldap.conf has to be readable
for
every user in order to allow unlocking of gnome-screensaver locked screens, as
the pam-modules are excecuted with the permissions of the invoking user.

This introduces the drawback of having the bindpw for the specific host
readable for all users on that system, and therefor providing these users with
the ability to bind to the ldap-server using that binddn/bindpw combination.



-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-screensaver depends on:
ii  dbus-x11               1.2.24-4          simple interprocess messaging syst
ii  gconf2                 2.28.1-6          GNOME configuration database syste
ii  gnome-icon-theme       2.30.3-2          GNOME Desktop icon theme
ii  gnome-session-bin      2.30.2-3          The GNOME Session Manager - Minima
ii  libc6                  2.11.2-10         Embedded GNU C Library: Shared lib
ii  libcairo2              1.8.10-6          The Cairo 2D vector graphics libra
ii  libdbus-1-3            1.2.24-4          simple interprocess messaging syst
ii  libdbus-glib-1-2       0.88-2.1          simple interprocess messaging syst
ii  libgconf2-4            2.28.1-6          GNOME configuration database syste
ii  libgl1-mesa-glx [libgl 7.7.1-4           A free implementation of the OpenG
ii  libglib2.0-0           2.24.2-1          The GLib library of C routines
ii  libgnome-desktop-2-17  2.30.2-2          Utility library for loading .deskt
ii  libgnome-menu2         2.30.3-1          an implementation of the freedeskt
ii  libgnomekbd4           2.30.2-2          GNOME library to manage keyboard c
ii  libgtk2.0-0            2.20.1-2          The GTK+ graphical user interface 
ii  libpam0g               1.1.1-6.1         Pluggable Authentication Modules l
ii  libpango1.0-0          1.28.3-1+squeeze2 Layout and rendering of internatio
ii  libx11-6               2:1.3.3-4         X11 client-side library
ii  libxext6               2:1.1.2-1         X11 miscellaneous extension librar
ii  libxklavier16          5.0-2             X Keyboard Extension high-level AP
ii  libxxf86vm1            1:1.1.0-2         X11 XFree86 video mode extension l

Versions of packages gnome-screensaver recommends:
ii  gnome-power-manager           2.32.0-2   power management tool for the GNOM
ii  libpam-gnome-keyring          2.30.3-5   PAM module to unlock the GNOME key

Versions of packages gnome-screensaver suggests:
pn  rss-glx                       <none>     (no description available)
pn  xscreensaver-data             <none>     (no description available)

-- no debconf information

More information about the pkg-gnome-maintainers mailing list