Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1357: screensaver failed to unlock

Centrify DirectAudit ,   Centrify DirectControl ,   Centrify Identity Service, Mac Edition ,  

12 April,16 at 11:02 AM

Applies to: DirectControl 4.4 EA on Mac

Problem:

If you have the system set to password lock at screen saver you can not unlock it with AD credentials.

Cause:
The reason is that unlocking screen saver is now done via PAM. There is a /etc/pam.d/screensaver file. 
Unfortunately, Apple does not pass in PAM_CONV structure so adclient does not get a chance to fill in AD user password, thus PAM
authenticates the user with an empty password which results in pre-authentication error.
Workaround:

Login with local administrator account, bring up terminal and execute the below commands:
sudo mv /etc/pam.d/screensaver /etc/pam.d/screensaver.cdc
sudo cp /etc/pam.d/screensaver.pre_cdc /etc/pam.d/screensaver
Resolution:

Fixed in DirectControl 4.4

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.