[OpenAFS] Making screensaver updating token on solaris

Peter Huesser peter.huesser@psi.ch
Mon, 04 Mar 2002 11:04:19 +0100

Sorry for my very late response

> I suspect sometime during the login process, dtsession's PAM entries are
> referenced.  I'm no longer in an AFS environment, so I don't have a test
> machine to try it out on, and work out the bugs.  I suggest checking the
> man pages: dtsession(1X), dtscreen(1X), or docs.sun.com.
> My only other suggestion is to use a different screen locker.
> /usr/openwin/bin/xlock is out, because it doesn't support PAM.
> Xscreensaver is good.  Of course, you'd have to instruct your users to
> type "xscreensaver-command -lock" rather than clicking the lock icon on
> the CDE front panel.

Thank's for the xnlock tip but I did not find a source code I was able to compile.
Also the software seems to be very old. Thank's too for the xlockmore tip but
I prefer a screensaver with pam support. Therefore I tried to run xscreensaver
but unfortunatelly a normall user is not authenticated. Here are some details:

1) I compiled xscreensaver with the following configuration:
        ./configure --prefix=/usr/pack/xscreensaver-4.01-ph --with-pam --with-kerberos
--with-motif --with-jpeg

2) The pam.conf entries are:
        xscreensaver auth    sufficient /usr/lib/security/pam_afs.so.1 try_first_pass
ignore_root setenv_password_expires debug
        xscreensaver auth    required   /usr/lib/security/pam_unix.so.1 debug
        xscreensaver auth    required   /usr/lib/security/pam_dial_auth.so.1
        xscreensaver account sufficient /usr/lib/security/pam_afs.so.1 try_first_pass
ignore_root debug
        xscreensaver account required   /usr/lib/security/pam_unix.so.1 debug
    These entries are identical to the ssh entries (ssh works fine) only "sshd" replaced
by "xscreensaver"

3) Running xscreensaver with the "-verbose" flag I get:
        xscreensaver: 10:32:04: pam_start ("xscreensaver", "huesser", ...) ==> 0 (Success)

        xscreensaver: 10:32:04:   pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success)
        xscreensaver: 10:32:04:     PAM ECHO_OFF("AFS Password: ") ==> password
        xscreensaver: 10:32:04:     PAM ECHO_OFF("System Password: ") ==> password
        xscreensaver: 10:32:04:   pam_authenticate (...) ==> 9 (Authentication failed)
        xscreensaver: 10:32:04:   pam_set_item(p, PAM_USER, "root") ==> 0 (Success)
        xscreensaver: 10:32:04:     PAM ECHO_OFF("Password: ") ==> password
        xscreensaver: 10:32:04:   pam_authenticate (...) ==> 9 (Authentication failed)
        xscreensaver: 10:32:04: pam_end (...) ==> 0 (Success)
        xscreensaver: 10:32:04: password incorrect!

4) Looking at the logfiles on the afs server I observe that the client does not tries
     to conntact the server (no entries for "huesser" are found).

5) /usr/lib/security/pam_afs.so.1 is opened by xscreenserver while I am typing in
     my password (unfortunatelly with no effect).

Does somebody run xscreensaver on Solaris and how was it compiled ?