Fwd: continued discussion on trustworthiness of gnome-screensaver



Forwarding this to the list where this type of discussion should take place.

---------- Forwarded message ----------
From: Mahmood Ali - Sun Microsystems <Mahmood Ali sun com>
Date: Feb 23, 2007 5:59 PM
Subject: continued discussion on trustworthiness of gnome-screensaver
To: William Jon McCann <mccann jhu edu>, halfline gmail com


Hello Jon & Ray,

Could you guys kindly briefly explain, in your own words, your
understanding of PAM and how it should be used. I think there is a big
disconnect between how we think it should be used and how you guys think of it.

From my reading of your responses I am a little confused.

Is the authentication program (unix_chkpasswd) simply hardwired to
authenticate a particular user based on a password (text entry)? Is it
assuming that the user is only going to type some kind of response and only
going to do it once?
How do you deal with the case where the screen is locked and the user's
password has expired in that state? Do you log him back in with the old
password? What happens if there is a fingerprint scanner instead of a
password requirement, or both?

Also, is this program (unix_chkpasswd) GUI based? It can't be, right,
unless it is using libGtk? So, how are you passing the user's password
to it? I am a little confused about how this program (unix_chkpasswd) gets
used, i.e. how does input to the program get sent, or is the program
directly prompting the user based on the info required by the PAM modules?
Also, if a particular PAM module asks the user for multiple pieces of
information, not just a password, how are they handled? Also, is it possible
to get the source code for unix_chkpasswd? Or at least just the
pam_conversation() function implementation of it?

Jon, is gnome-screensaver using unix_chkpasswd as a helper program to do
the authentication? Also, Jon, you had said that you have rewritten the
backend to drive the GUI; what exactly did you mean by that? I
understood that to mean you have written a pam_conversation function that
listens to the text messages coming from the loaded PAM module, displays
that string and, depending on whether that string required a response
from the user, gathers that response and sends it back to the PAM module,
and this goes on until the loaded PAM module returns. Basically, a two-way
interaction between the PAM module and the user.

Are you guys up for a telephone meeting at some point? I would like to
have our security people attend this meeting to help shed light on our
confusion. But it would help me tremendously to see the source code of
unix_chkpasswd, or its conversation function implementation, first.

Thanks,
--mahmood
PS: If a phone meeting is doable, please let me know what days and times
are best for you guys next week.
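The two-way loop Mahmood describes (module sends a message, the application displays it, collects a reply if one is required, hands it back, repeat until the module returns) is exactly what a PAM conversation callback implements. The following is an added, self-contained C example of such a callback, written for this page; it is not gnome-screensaver's or unix_chkpwd's code. It redeclares the handful of PAM types and constants it needs (mirroring Linux-PAM's <security/pam_appl.h>, so it builds without libpam; real code would include that header), drives the callback through a hypothetical `ui_hooks` interface standing in for the GUI, and simulates a module that, on an expired password, sends one informational message plus two hidden prompts in a single round, which is the multi-message case asked about above. Note the known ABI caveat: in Linux-PAM `msg` is an array of pointers to messages, while on Solaris it is a pointer to a single array of messages, so a callback written for one will read the wrong memory on the other.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: these mirror Linux-PAM's <security/pam_appl.h> so the example
 * compiles without libpam. Real code includes that header instead. */
#define PAM_SUCCESS          0
#define PAM_BUF_ERR          5
#define PAM_CONV_ERR        19
#define PAM_PROMPT_ECHO_OFF  1   /* e.g. "Password: ", reply is a secret */
#define PAM_PROMPT_ECHO_ON   2   /* e.g. "login: ", reply may be echoed  */
#define PAM_ERROR_MSG        3   /* display only, no reply expected      */
#define PAM_TEXT_INFO        4   /* display only, no reply expected      */

struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

/* Hypothetical GUI interface: show text, or ask for input with/without echo.
 * ask() returns a malloc'd string, or NULL if the user cancelled. */
struct ui_hooks {
    void  (*show)(const char *text, int is_error, void *ctx);
    char *(*ask)(const char *prompt, int echo, void *ctx);
    void   *ctx;
};

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* Responses may hold secrets: zero them before freeing. */
void wipe_and_free_responses(struct pam_response *r, int n) {
    for (int i = 0; i < n; i++) {
        if (r[i].resp) { memset(r[i].resp, 0, strlen(r[i].resp)); free(r[i].resp); }
    }
    free(r);
}

/* The conversation callback. The module owns the returned array afterwards,
 * so it must contain exactly num_msg malloc'd entries (resp == NULL for
 * display-only messages); on any failure free everything and return an error. */
int screensaver_conv(int num_msg, const struct pam_message **msg,
                     struct pam_response **resp, void *appdata_ptr)
{
    struct ui_hooks *ui = appdata_ptr;
    if (num_msg <= 0 || !ui) return PAM_CONV_ERR;

    struct pam_response *out = calloc((size_t)num_msg, sizeof *out);
    if (!out) return PAM_BUF_ERR;

    for (int i = 0; i < num_msg; i++) {
        const struct pam_message *m = msg[i];       /* Linux-PAM layout */
        switch (m->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
        case PAM_PROMPT_ECHO_ON:
            out[i].resp = ui->ask(m->msg, m->msg_style == PAM_PROMPT_ECHO_ON, ui->ctx);
            if (!out[i].resp) {                     /* cancelled: abort the round */
                wipe_and_free_responses(out, num_msg);
                return PAM_CONV_ERR;
            }
            break;
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO:
            ui->show(m->msg, m->msg_style == PAM_ERROR_MSG, ui->ctx);
            break;                                  /* resp stays NULL */
        default:
            wipe_and_free_responses(out, num_msg);
            return PAM_CONV_ERR;
        }
    }
    *resp = out;
    return PAM_SUCCESS;
}

/* Constructed stand-in for the GUI: scripted answers, NULL-terminated; a NULL
 * where an answer is expected models the user pressing Cancel. */
struct script { const char **answers; int next; int shown; };

static void script_show(const char *text, int is_error, void *ctx) {
    (void)text; (void)is_error; ((struct script *)ctx)->shown++;
}
static char *script_ask(const char *prompt, int echo, void *ctx) {
    struct script *s = ctx; (void)prompt; (void)echo;
    const char *a = s->answers[s->next];
    if (!a) return NULL;
    s->next++;
    return dup_str(a);
}

/* Simulated module behaviour for an expired password: one info message and
 * two hidden prompts in one call. Returns the conv status; on success copies
 * the two replies into buf1/buf2 (each of size n). */
int run_expired_password_round(const char **answers, char *buf1, char *buf2, size_t n) {
    struct script s = { answers, 0, 0 };
    struct ui_hooks ui = { script_show, script_ask, &s };
    struct pam_message m0 = { PAM_TEXT_INFO,       "Your password has expired" };
    struct pam_message m1 = { PAM_PROMPT_ECHO_OFF, "New password: " };
    struct pam_message m2 = { PAM_PROMPT_ECHO_OFF, "Retype new password: " };
    const struct pam_message *msgs[3] = { &m0, &m1, &m2 };
    struct pam_response *r = NULL;
    int rc = screensaver_conv(3, msgs, &r, &ui);
    if (rc == PAM_SUCCESS) {
        snprintf(buf1, n, "%s", r[1].resp);
        snprintf(buf2, n, "%s", r[2].resp);
        wipe_and_free_responses(r, 3);              /* module frees conv's array */
    }
    return rc;
}

int main(void) {
    const char *ok[] = { "correct horse", "correct horse", NULL };
    char a[64], b[64];
    printf("rc=%d\n", run_expired_password_round(ok, a, b, sizeof a));
    return 0;
}
```

The callback never decides what to ask; the module does, so the same code serves a plain password prompt, an expired-password change, or a module that emits only PAM_TEXT_INFO while waiting on a fingerprint reader. The security-relevant details are that cancelled or unknown messages abort the whole round with PAM_CONV_ERR rather than handing back a partially filled array, and that reply buffers are zeroed before being freed.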


