<br><br>On Wed, Feb 20, 2008 at 11:50 PM, Josselin Mouette <<a href="mailto:joss@debian.org">joss@debian.org</a>> wrote:<br>> severity 466741 important<br>> tag 466741 moreinfo<br>> thanks<br>> <br>> <br>
> On mer, 2008-02-20 at 22:46 +0530, Prakash Jose Kokkattu wrote:<br>> > Package: gnome-screensaver<br>> > Version: 2.20.0-2<br>> > Severity: critical<br>> ><br>> > OK.I found that libpam-foreground v0.4-1 if installed fixes this unlock<br>
> > issue and the user password works!also I got this dependency after<br>> > checking through ubuntu gutsy 7.10 which also I am using.Hope developers<br>> > will fix this bug ASAP.below is the relative contents on<br>
> > /var/log/auth.log<br>> <br>> Why did you open a new bug if you think this is related to #383889 ?<br><br>Sorry.I think my reportbug config may be wrong.I already posted in #383889 <br>> <br>> Also I don't think this issue could be related to libpam-foreground,<br>
> which only creates lockfiles and isn't even used unless you modify your<br>> configuration.<br>> <br>But,I am sure that,after installing libpam-foreground only my problem fixed.and Ubuntu gutsy too got libpam-foreground as dependency :S<br>
> In short, if you need help, please show us your PAM configuration and<br>> describe *precisely* what your problems are.<br>I have not edited any PAM configuration files.BTW,I remember,some package I have to install using dpkg --force-overwrite option.<br>
and below is the pam config files and their contents:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">localhost:~# cat /etc/pam.conf <br>
# ---------------------------------------------------------------------------#<br># /etc/pam.conf #<br># ---------------------------------------------------------------------------#<br>
#<br># NOTE<br># ----<br>#<br># NOTE: Most program use a file under the /etc/pam.d/ directory to setup their<br># PAM service modules. This file is used only if that directory does not exist.<br># ---------------------------------------------------------------------------#<br>
<br># Format:<br># serv. module ctrl module [path] ...[args..] #<br># name type flag #<br></blockquote><br>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
localhost:~# cat /etc/pam.d/gnome-screensaver <br>@include common-auth<br>auth optional pam_gnome_keyring.so<br></blockquote>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
localhost:~# cat /etc/pam.d/common-account <br>#<br># /etc/pam.d/common-account - authorization settings common to all services<br>#<br># This file is included from other service-specific PAM config files,<br># and should contain a list of the authorization modules that define<br>
# the central access policy for use on the system. The default is to<br># only deny service to users whose accounts are expired in /etc/shadow.<br>#<br>account required pam_unix.so<br></blockquote>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
localhost:~# cat /etc/pam.d/common-auth <br>#<br># /etc/pam.d/common-auth - authentication settings common to all services<br>#<br># This file is included from other service-specific PAM config files,<br># and should contain a list of the authentication modules that define<br>
# the central authentication scheme for use on the system<br># (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the<br># traditional Unix authentication mechanisms.<br>#<br>auth required pam_unix.so nullok_secure<br>
</blockquote>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">localhost:~# cat /etc/pam.d/common-password <br>#<br># /etc/pam.d/common-password - password-related modules common to all services<br>
#<br># This file is included from other service-specific PAM config files,<br># and should contain a list of modules that define the services to be<br># used to change user passwords. The default is pam_unix.<br><br># Explanation of pam_unix options:<br>
#<br># The "nullok" option allows users to change an empty password, else<br># empty passwords are treated as locked accounts.<br>#<br># The "md5" option enables MD5 passwords. Without this option, the<br>
# default is Unix crypt.<br>#<br># The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in<br># login.defs.<br>#<br># You can also use the "min" option to enforce the length of the new<br>
# password.<br>#<br># See the pam_unix manpage for other options.<br><br>password required pam_unix.so nullok obscure md5<br><br># Alternate strength checking for password. Note that this<br># requires the libpam-cracklib package to be installed.<br>
# You will need to comment out the password line above and<br># uncomment the next two in order to use this.<br># (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')<br>#<br># password required pam_cracklib.so retry=3 minlen=6 difok=3<br>
# password required pam_unix.so use_authtok nullok md5</blockquote><div>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"> localhost:~# cat /etc/pam.d/common-session <br>
#<br># /etc/pam.d/common-session - session-related modules common to all services<br>#<br># This file is included from other service-specific PAM config files,<br># and should contain a list of modules that define tasks to be performed<br>
# at the start and end of sessions of *any* kind (both interactive and<br># non-interactive). The default is pam_unix.<br>#<br>session required pam_unix.so</blockquote><div>and:<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
localhost:~# cat /etc/pam.d/passwd <br>#<br># The PAM configuration file for the Shadow `passwd' service<br>#<br><br>@include common-password<br></blockquote></div></div><br>and:<br><br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
localhost:~# cat /etc/pam.d/su<br>#<br># The PAM configuration file for the Shadow `su' service<br>#<br><br># This allows root to su without passwords (normal operation)<br>auth sufficient pam_rootok.so<br><br># Uncomment this to force users to be a member of group root<br>
# before they can use `su'. You can also add "group=foo"<br># to the end of this line if you want to use a group other<br># than the default "root" (but this may have side effect of<br># denying "root" user, unless she's a member of "foo" or explicitly<br>
# permitted earlier by e.g. "sufficient pam_rootok.so").<br># (Replaces the `SU_WHEEL_ONLY' option from login.defs)<br># auth required pam_wheel.so<br><br># Uncomment this if you want wheel members to be able to<br>
# su without a password.<br># auth sufficient pam_wheel.so trust<br><br># Uncomment this if you want members of a specific group to not<br># be allowed to use su at all.<br># auth required pam_wheel.so deny group=nosu<br>
<br># Uncomment and edit /etc/security/time.conf if you need to set<br># time restrainst on su usage.<br># (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs<br># as well as /etc/porttime)<br># account requisite pam_time.so<br>
<br># This module parses environment configuration file(s)<br># and also allows you to use an extended config<br># file /etc/security/pam_env.conf.<br># <br># parsing /etc/environment needs "readenv=1"<br>session required pam_env.so readenv=1<br>
# locale variables are also kept into /etc/default/locale in etch<br># reading this file *in addition to /etc/environment* does not hurt<br>session required pam_env.so readenv=1 envfile=/etc/default/locale<br><br>
# Defines the MAIL environment variable<br># However, userdel also needs MAIL_DIR and MAIL_FILE variables<br># in /etc/login.defs to make sure that removing a user <br># also removes the user's mail spool file.<br># See comments in /etc/login.defs<br>
#<br># "nopen" stands to avoid reporting new mail when su'ing to another user<br>session optional pam_mail.so nopen<br><br># Sets up user limits, please uncomment and read /etc/security/limits.conf<br># to enable this functionality.<br>
# (Replaces the use of /etc/limits in old login)<br># session required pam_limits.so<br><br># The standard Unix authentication modules, used with<br># NIS (man nsswitch) as well as normal /etc/passwd and<br># /etc/shadow entries.<br>
@include common-auth<br>@include common-account<br>@include common-session<br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote"></blockquote></blockquote>
<div> and lastly: <br><blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">localhost:~# cat /etc/pam.d/gdm<br>#%PAM-1.0<br>auth requisite pam_nologin.so<br>
auth required pam_env.so readenv=1<br>auth required pam_env.so readenv=1 envfile=/etc/default/locale<br>@include common-auth<br>auth optional pam_gnome_keyring.so<br>@include common-account<br>
session required pam_limits.so<br>@include common-session<br>session optional pam_gnome_keyring.so auto_start<br>@include common-password<br></blockquote></div><div>^I hope the contents of above files are enough.<br>
I can assure you that there is no manual editing I did.<br>BTW,running Debian Sid/lenny with apt preferring Sid.<br>also using upstart from experimental repo.<br> </div>> Thanks,<br>> --<br> Thank You<br>
> .''`.<br>> : :' : We are <a href="http://debian.org">debian.org</a>. Lower your prices, surrender your code.<br>> `. `' We will add your hardware and software distinctiveness to<br>
> `- our own. Resistance is futile.<br>> <br><br>