Vinzenz Feenstra has submitted this change and it was merged. Change subject: pam: Fix the pam conversation approach ...................................................................... pam: Fix the pam conversation approach Until now our PAM conversation was errorneous using pam_get_user which is not correct for requests other than accquiring the username. To correctly request the Token from the frontend we have to use a PAM conversation. This is done via the pam_prompt function. We also do check now, if the requesting user (if set) is identical with the preset user. If this is not the case we will not unlock the screen. Preset users should only be available if the screen was locked. If the usernames aren't equal, the module will return PAM_CRED_UNAVAIL. Additionally the logging was rewritten to use the syslog and more comments have been added to describe the steps we're doing. Change-Id: I4455ea61ffb27e854fe93bdc51068e12617955a2 Signed-off-by: Vinzenz Feenstra <vfeenstr(a)redhat.com&gt; --- M pam-ovirt-cred/pam_ovirt_cred.c 1 file changed, 59 insertions(+), 26 deletions(-) Approvals: Vinzenz Feenstra: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/20073 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I4455ea61ffb27e854fe93bdc51068e12617955a2 Gerrit-PatchSet: 5 Gerrit-Project: ovirt-guest-agent Gerrit-Branch: master Gerrit-Owner: Vinzenz Feenstra <vfeenstr(a)redhat.com&gt; Gerrit-Reviewer: Michal Skrivanek <michal.skrivanek(a)redhat.com&gt; Gerrit-Reviewer: Vinzenz Feenstra <vfeenstr(a)redhat.com&gt; Gerrit-Reviewer: oVirt Jenkins CI Server