Comment 21 for bug 64301

The problem with the two password requests can be solved by adding 'use_first_pass' to the line with pam_unix.so, such that it looks like
    auth sufficient pam_ldap.so
    auth required pam_unix.so nullok_secure use_first_pass

However, this does not solve the problem when the LDAP connection is encrypted and the certificate can only be read by root. Also in Hardy gnome-screensaver does not seem to communicate with the NSCD, but tries to call the LDAP server directly.

I still don't get why the workaround setting gnome-screensaver-dialog SUID doesn't work anymore. In that case pam_ldap should run with root rights. Has anyone more insight on the authentication mechanism? Maybe gnome-screensaver-dialog calls another program to do the actual verification in newer versions...