Precisely; however it is trying to open /etc/shadow *as the logged-in user*, not root. This is what's throwing the errors in the audit log. Eric ********************************************************************* Eric Reischer emr@xxxxxxxxxxxxxxx "The most beautiful thing we can experience is the mysterious." -- Albert Einstein ********************************************************************* On Mon, 19 Jul 2004, Igmar Palsenberg wrote: > > > Unfortunately, > > however, our workstations running xscreensaver have SNARE reporting that > > the (non-root) logged-in user unsuccessfully attempts to touch the > > /etc/shadow file, with timestamps that correspond to the exact times that > > the user unlocks the window via xscreensaver. > > Sound logical to me : xscreensaver needs to verify the user's password, > let's PAM handle that, and PAM needs to open /etc/shadow to verify the > actual hashes. > > > I have narrowed it down to PAM (I think), as I've recompiled xscreensaver > > with absolutely no passwd references; only the PAM libraries compiled in, > > and the problem still presents itself. Does anyone know if PAM is making > > this call at some point, and if so, what is the reason behind it? Is PAM > > just doing a sanity permission check on the shadow file? > > It's probably opening it. > > > > Igmar > > > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
