Am Mittwoch, 18. Mai 2016, 10:47:53 CEST schrieb Rainer Klier:
but screenlock did not work even after reverting my old pam config files. then i downgraded all needed packages to use plasma5 screenlocker from plasma 5.6.3. the screenlock worked again. then, just to try out, i again upgraded everything to plasma 5.6.4, and then, to my surprise, it worked again... :-D
The kscreenlocker package will switch your PAM config to use pam_unix on every installation (also updates). As mentioned it does require pam_unix so that unlocking works correctly. With pam_unix2, kscreenlocker_greet just doesn't have the necessary permissions, making unlocking the session fail. A workaround is to make /usr/lib64/libexec/kcheckpass suid root, that should prevent such problems in the future. Updates will change the file permissions again of course, so you should rather add an entry to /etc/permissions.local and run chkstat to apply it. We cannot ship kcheckpass suid root, because the security team declined it (see https://bugzilla.opensuse.org/show_bug.cgi?id=926267), that's why we had to resort to this PAM config change. If you want to prevent your PAM config from being changed, convert the symlinks common-session and so on to proper files, pam-config should not touch them any more then. But if you don't have a very specific need to use pam_unix2, it's probably easier to just stick to pam_unix. Just because your system is updated since 13.2 is not a good reason though, mine is updated since 8.1 and still I am happily using pam_unix now... ;-) Kind Regards, Wolfgang -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org