I'm running Ubuntu and I just started using a Python module, howdy, for authentication with pam-python. Howdy is the first auth module listed, and its control is "sufficient," so a successful auth with howdy is sufficient to authenticate the user.
Under most circumstances it works fine, but it doesn't work when I try to unlock my screen with my screensaver. Of note, the screensaver process (mate-screensaver) runs as my user, and not as root. The module never runs, and the following is printed in auth.log:
Apr 27 17:22:27 bartlet /lib/security/howdy/pam.py[23690]: Can not open module: Permission denied
If I change the permissions of all of the howdy files to world-readable, then the module runs, and a message saying I have been sufficiently authenticated appears, but a PamException occurs and mate-screensaver still requires a password:
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: Traceback (most recent call last):
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: File "/lib/security/howdy/pam.py", line 53, in pam_sm_authenticate
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: return doAuth(pamh)
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: File "/lib/security/howdy/pam.py", line 38, in doAuth
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: pamh.conversation(pamh.Message(pamh.PAM_TEXT_INFO, "Identified face as " + pamh.get_user()))
Apr 27 17:26:00 bartlet /lib/security/howdy/pam.py[24005]: PamException: Conversation error
Again, I've only had this problem so far when trying to authenticate for mate-screensaver, which runs as my user. The other uses I've tried are logging in through lightdm and authenticating for sudo.
I'm new to PAM, but it occurs to me that pam_unix.so must at some point have read access to /etc/shadow, even when authenticating on behalf of mate-screensaver. Shouldn't pam_python.so also run with similar privileges?