Strange problem with authentication after screensaver lock.

Tue Nov 15 01:26:21 UTC 2005

Steve Turnbull wrote:
> On Sunday 13 November 2005 12:04, L. Boggio wrote:
> 
>>Le 12/11/05, Jim McQuiston a dit :
>>
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA1
>>>
>>>Hello list:
>>>
>>>I am having a most odd problem with my "Breezy" machine. It seems that
>>>after changing the root password to my system, I cannot no longer
>>>authenticate myself once my machine has been locked by the screensaver.
>>>
>>>I feel the problem is in my changing of the root password because of the
>>>following sequence of events:
>>
>>.../...
>>
>>When I first installed Kubuntu, I choosed too to set a root password,
>>in order to keep my previous 'way to work' as in Mandrake.
>>I happenned to have a lot of strange behaviours, all linked to
>>authentification, and begun to believe this distro was totally bugged.
>>I browsed on Kubuntu forums, and saw some texts that drove me to try to
>>remove this root password. Since that, I didn't have any problem with
>>auth behaviours.
>>I think that Kubuntu team made some choices in the distribution
>>configuraztion that implied that you were using sudo with no root
>>password, and that the fact of using one brings that behaviour... It's
>>sad, I must admit, but that's what I think...
> 
> 
> I think the choice to use sudo is a good one. It's more secure than using su, 
> and it doesn't limit you in any way.
> 
> The initial user created is in the 'sudoers' file with full admin privileges, 
> therefore you can run any task with full permissions using 'sudo <command>' 
> and then entering YOUR password. You never have to worry about the root 
> password (if it exists)
> 
> Steve
> 
>>--
>>L.Boggio
>>French Kubuntu 5.10 User, and proud of it !
> 
> 
All who have replied.....I thank you. Perhaps I was not clear enough in
my original post. I am a big fan of the sudo command and I do understand
why it is important from a variety of security angles. The only time
that I would even consider logging in as root would be in the instance
of a catastrophic failure of the system.

A second reason I like knowing the root password is knowing that
security of this system resides with me and not whatever algorithm is
used to scramble the root password on installation. I can be rather
paranoid about my systems at times.

My question, simply, is why is this simple change of password breaking
the screensaver, and perhaps kcheckpass? I did not mean to lead the list
into another potential sudo vs non-sudo argument. I think everyone has
been down that road.

If I can be pointed to a road that resolves this issue, I would be most
appreciative. I am willing to be the "guinea pig" that leads to the
solution.

Thank you to all, in advance, for your time and consideration.
-- 
 Jim McQuiston

Registered Linux User #375957
 "Freedom is something that dies unless it's used" -- Hunter S.Thompson