No I can't see why it wouldn't work -- it worked for me with gnome-screensaver and Ubuntu 10.
Perhaps you will get a clue from the system logfiles.
You might also try running hcitool as the user running the screensaver and make sure that user has bluetooth access permissions.
I've tried that patch, and it does seem to work. Great!
However, it doesn't seem to work for the unlocking the lock screen
(Unity GUI, Ubuntu 13.04). I have to type in a password to unlock it.
I've seen bug reports about LDAP and the lock screen. But a fingerprint
reader PAM (pam_fingerprint-gui) does seem to work on the lock screen.
Any idea why pam-blue wouldn't work to unlock the lock screen?
Title:
libpam_blue requires root, fails if non-privileged
Status in “libpam-blue” package in Ubuntu:
Confirmed
Bug description:
I modified /etc/pam.d/common-auth to allow two-factor authentication
using password and either bluetooth proximity or, if that fails,
google-authenticator:
. . .
# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
#
auth [success=1 default=ignore] pam_blue.so
auth required pam_google_authenticator.so
#
# prime the stack . . .
This works fine for login, but bluetooth authentication always fails when unlocking gnome-screensaver with the error message:
Bluetooth scan failure [bluetooth device up?]
The reason seems to be that pam_blue is based on l2cap which requires
root authority to create sockets (l2ping runs as root but fails for a
non-privileged user).
An alternative method of detecting bluetooth proximity is to use hcitool:
hcitool name xx:xx:xx:xx:xx:xx
returns the name of the device whose MAC is given, or nothing on fail, and it works for a non-privileged user.
Replacing pam_blue with a simple hacked version using hcitool works for both login and gnome-screensaver unlock:
int rc = PAM_SESSION_ERR;
FILE *fpipe;
char *command="hcitool name xx:xx:xx:xx:xx:xx";
char line[256];
if ( !(fpipe = (FILE*)popen(command,"r")) ) {
perror("Problems with pipe");
exit(1);
}
while ( fgets( line, sizeof line, fpipe)) {
if (strlen(line) > 2) rc = PAM_SUCCESS;
}
pclose(fpipe);
return rc;
This bug probably affects all versions to date, but has been confirmed
in Ubuntu 11.04 and 11.10, and in libpam-blue 0.9.0-3
Dear Craig
No I can't see why it wouldn't work -- it worked for me with gnome-screensaver and Ubuntu 10.
Perhaps you will get a clue from the system logfiles.
You might also try running hcitool as the user running the screensaver and make sure that user has bluetooth access permissions.
Good luck -- Ross
----- Original Message -----
From: "Craig McQueen" <email address hidden>
To: <email address hidden>
Sent: Friday, 7 June, 2013 12:15:39 PM
Subject: [Bug 912695] Re: libpam_blue requires root, fails if non-privileged
I've tried that patch, and it does seem to work. Great!
However, it doesn't seem to work for the unlocking the lock screen t-gui) does seem to work on the lock screen.
(Unity GUI, Ubuntu 13.04). I have to type in a password to unlock it.
I've seen bug reports about LDAP and the lock screen. But a fingerprint
reader PAM (pam_fingerprin
Any idea why pam-blue wouldn't work to unlock the lock screen?
-- /bugs.launchpad .net/bugs/ 912695
You received this bug notification because you are subscribed to the bug
report.
https:/
Title:
libpam_blue requires root, fails if non-privileged
Status in “libpam-blue” package in Ubuntu:
Confirmed
Bug description: d/common- auth to allow two-factor authentication authenticator:
I modified /etc/pam.
using password and either bluetooth proximity or, if that fails,
google-
. . . authenticator. so
# here are the per-package modules (the "Primary" block)
auth [success=1 default=ignore] pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth requisite pam_deny.so
#
auth [success=1 default=ignore] pam_blue.so
auth required pam_google_
#
# prime the stack . . .
This works fine for login, but bluetooth authentication always fails when unlocking gnome-screensaver with the error message:
Bluetooth scan failure [bluetooth device up?]
The reason seems to be that pam_blue is based on l2cap which requires
root authority to create sockets (l2ping runs as root but fails for a
non-privileged user).
An alternative method of detecting bluetooth proximity is to use hcitool:
hcitool name xx:xx:xx:xx:xx:xx
returns the name of the device whose MAC is given, or nothing on fail, and it works for a non-privileged user.
Replacing pam_blue with a simple hacked version using hcitool works for both login and gnome-screensaver unlock:
int rc = PAM_SESSION_ERR;
FILE *fpipe;
char *command="hcitool name xx:xx:xx:xx:xx:xx";
char line[256];
if ( !(fpipe = (FILE*) popen(command, "r")) ) {
perror("Problems with pipe");
exit(1);
}
while ( fgets( line, sizeof line, fpipe)) {
if (strlen(line) > 2) rc = PAM_SUCCESS;
}
pclose(fpipe);
return rc;
This bug probably affects all versions to date, but has been confirmed
in Ubuntu 11.04 and 11.10, and in libpam-blue 0.9.0-3
To manage notifications about this bug go to: /bugs.launchpad .net/ubuntu/ +source/ libpam- blue/+bug/ 912695/ +subscriptions
https:/