[Whonix-devel] xscreensaver with pam_tally2
Jamie Zawinski
jwz at jwz.org
Mon Sep 16 19:46:48 CEST 2019
On Sep 16, 2019, at 6:02 AM, Patrick Schleizer <adrelanos at riseup.net> wrote:
>
> Hi,
>
> having exactly the same issue.
>
> https://askubuntu.com/questions/983183/how-lock-the-unlock-screen-after-wrong-password-attempts
>
> Looks like xscreensaver and pam_tally2 (i.e. lock login after X failed
> attempts to prevent password bruteforceing) are incompatible. That might
> be since xscreensaver runs as user but pam requires root to read/write
> /var/log/tallylog.
>
> Is this an issue with xscreensaver, PAM or pam_tally2?
>
> cc'd whonix-devel public mailing list so all our readers can benefit
> from your reply.
I've never used pam_tally, but a number of PAM modules require setuid helper apps for one reason or another. Presumably this is one of them.
The PAM configuration is, of course, critical security infrastructure that you should not change lightly.
--
Jamie Zawinski https://www.jwz.org/ https://www.dnalounge.com/
More information about the Whonix-devel
mailing list