Hi
I have a Linux client running XFCE and authenticating against Samba 4.
When trying to return to the session after xscreensaver has kicked in,
authentication fails.
/etc/pam.d/xscreensaver
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session include common-session
/etc/pam.d/common-password
#%PAM-1.0
password requisite pam_pwcheck.so nullok cracklib
password optional pam_gnome_keyring.so use_authtok
password sufficient pam_unix2.so use_authtok nullok
password required pam_ldap.so try_first_pass use_authtok
Samba 4 seems to bypass pam, users have an entry in the keytab on the
Samba 4 server and this on the client:
/etc/krb5.conf
[libdefaults]
default_realm = HH3.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
How can I tell xscreensaver to authenticate against Samba 4?
Thanks
Steve
On 01/09/2012 08:42 AM, steve wrote:> Hi > I have a Linux client running XFCE and authenticating against Samba 4. > When trying to return to the session after xscreensaver has kicked in, > authentication fails.Sorry to bump, but I've just seen this in the xscreensaver doco: XScreenSaver Dependencies Required <snip> Optional libjpeg-8c, libgnome-2.32.1, GLE, Netpbm, XDaliClock, Linux-PAM-1.1.5, _MIT Kerberos V5-1.6 (built with Kerberos V4 backwards compatibility), and krb4 and Heimdal-1.4 (Kerberos authentication requires having Kerberos V4 and V5 on the system)_ Does Samba 4 have this? Cheers, Steve
On 01/09/2012 08:42 AM, steve wrote:> Hi > I have a Linux client running XFCE and authenticating against Samba 4. > When trying to return to the session after xscreensaver has kicked in, > authentication fails.Sorry to bump, but I've just seen this in the xscreensaver doco: XScreenSaver Dependencies Required <snip> Optional libjpeg-8c, libgnome-2.32.1, GLE, Netpbm, XDaliClock, Linux-PAM-1.1.5, _MIT Kerberos V5-1.6 (built with Kerberos V4 backwards compatibility), and krb4 and Heimdal-1.4 (Kerberos authentication requires having Kerberos V4 and V5 on the system)_ Does Samba 4 have this? Cheers, Steve