Repeatable with the 10.3 release version.

This is the PAM audit_log_acct_message bug that also shows up in imapd and sshd.  Each time it appears, the message "xscreensaver: PAM audit_log_acct_message() failed: Operation not permitted" shows up in the system logs.  I suspect that xscreensaver isn't properly managing its setuid status when calling PAM.  See bug 331683 for additional information.

It looks like xscreensaver calls pam with user privileges, even if it has SUID flag.

Hopefully, it supports also PAM compatible password helper support.

Testing packages using helper. Please let me know, whether it works for you. For me it reports no error.

http://pack.suse.cz/sbrabec/bug326304/

Thanks for providing the update - it fixes the problem for me, the message is gone.

However, I see the following messages when starting xscreensaver:

lenz@metis:~> xscreensaver
xscreensaver: couldn't get password of "lenz"
xscreensaver: couldn't get password of "root"

Confirming.

This message has no real meaning with PAM helper. Disabling it.

New packages are available at the same URL for both 10.3 and Factory.


#ifndef HAVE_PAM 
  /* We only issue this warning if not compiled with support for PAM. 
     If we're using PAM, it's not unheard of that normal pwent passwords 
     would be unavailable. */

  if (!result)
    fprintf (stderr, "%s: couldn't get password of \"%s\"\n",
             blurb(), (user ? user : "(null)"));
#endif /* !HAVE_PAM */ 

It appears even with --disable-shadow

It would be nice to release this fix altogether with fig of the bug 235715.

I found a dependency problem:

pam is no more required implicitly by the xscreensaver. We have to require /sbin/unix2_chkpwd explicitly to prevent theoretically possible problems, if pam is not installed.

Fixing now.

Problem is fixed in Factory.

For 10.3 fix is submitted as well but the release is postponed and waiting for correct fix of bug 235715.