#478252 vlock: refuses to unlock when no password is set

Package:
vlock
Source:
vlock
Description:
Virtual Console locking program
Submitter:
"Michal Suchanek"
Date:
2010-07-11 09:06:04 UTC
Severity:
minor
#478252#5
Date:
2008-04-28 11:29:37 UTC
From:
To:
When there is no password set it is possible to lock the system but not
unlock it.
As this renders the system inaccessible this can lead to serious
problems.

vlock should not allow locking the system when it refuses to unlock it.

Thanks

Michal
#478252#10
Date:
2008-05-10 20:47:01 UTC
From:
To:
"Michal Suchanek" <michal.suchanek@ruk.cuni.cz> wrote:

The same is true if you forget your password.

The vlock package is configured to use PAM for authentication, so that
it can work with any authentication method.  Unfortunately PAM does not
appear to provide any means to tell whether there is any way for the
user to authenticate.

If vlock used the shadow password interface directly (which is a
build-time option), then it would be able to check whether the password
field is a plausible crypted password, but then it would not work
correctly with other authentication methods.

Ben.
#478252#15
Date:
2008-05-12 10:40:55 UTC
From:
To:
Yes, but then it's my fault that I forgot it.

Login also uses PAM and does handle all cases correctly. So there is
certainly some way.

Thanks

Michal