7

I have set a password for screen sessions in my .screenrc. It works great, any time I need to re-attach to a screen session I need to enter the password. There is another feature where you can lockout the current terminal (ctrl+a, x). This is a fantastic feature for locking the terminal really quickly, and I also have it automatically lock the terminal after 20 minutes idle time. For that in .screenrc I added the line 'idle 1200 lockscreen'.

My problem however is that once the terminal is in the lockscreen state, no password seems able to unlock it. Not the screen password, not my users login password. I have no idea where to set the password for this lockscreen state and nothing in the manpage or anything I've found online seems to think mentioning it would be important. The manpage says it uses either /usr/bin/lck or /usr/bin/lock or 'a builtin', but I have neither of the first two binaries and have no idea what this builtin is. Any help?

bawkstoo
  • 93
  • 1
  • 5

2 Answers2

3

screen uses PAM for authentication, so the password checking is configured in /etc/pam.d/screen.

This is the default configuration, which checks the Unix password database (/etc/passwd + /etc/shadow):

auth    required    pam_unix.so

If your system uses something else for authentication (Kerberos, NIS, ...) you have to update screen's PAM configuration too. (On some Linux distros (such as Debian), includeing /etc/pam.d/common-auth should be enough.)

user1686
  • 10,162
  • 1
  • 26
  • 42
  • I'm running debian squeeze. There was no /etc/pam.d/screen so I made one with the lines you recommended, it did not work. I tried copying the sshd file to screen, that didn't work either. There is also /etc/pam.d/other which supposedly catches anything not explicitly defined and runs it through all the common-* files. Obviously that hasn't worked either. I only use PAM for auth, so... dunno. I did however read elsewhere that screens builtin does use OS authentication (in my case PAM), so this is probably the right track. Just two cents short... – bawkstoo Aug 12 '10 at 20:30
  • 1
    Many months later, I upgraded the kernel of this computer and rebooted it. Screens terminal locking feature now works perfectly. I assume this is due to having upgraded many packages including pam over the years of uptime and only now being able to apply certain changes that required a reboot. (Only now do I realize you're probably the same grawity who has helped me many times in ##linux as well heh. Thanks again for the answer, you rock). – bawkstoo Dec 13 '10 at 17:55
3

As per the manual, you can configure a lock program of your liking by assigning it to the environment variable LOCKPRG before starting screen.

For how to cope with a locked terminal which you don't have a password for, see also https://superuser.com/questions/343965/what-is-the-default-password-of-screen/

Community
  • 1
tripleee
  • 1,416
  • 3
  • 15
  • 24