[kscreenlocker] [Bug 490924] The first password attempt is rejected after system wakes from sleep.

Sun, 25 Aug 2024 02:41:51 -0700 

https://bugs.kde.org/show_bug.cgi?id=490924

Fabian Vogt <fab...@ritter-vogt.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEEDSINFO
         Resolution|---                         |WAITINGFORINFO

--- Comment #23 from Fabian Vogt <fab...@ritter-vogt.de> ---
(In reply to Sophie Dexter from comment #19)
> (In reply to Fabian Vogt from comment #18)
> > Can you please try this (with the working local config as base):
> > 
> > "auth        sufficient                                   pam_sss.so
> > forward_pass"
> > 
> > after pam_unix (this should bring the issue back) and then
> Yes it did!
> > 
> > "auth        sufficient                                   pam_sss.so
> > use_first_pass"
> > 
> > instead? I wonder whether that avoids the issue as well. Please keep a local
> > root shell open when editing PAM config.
> and, yes it did :-) 
> I used 'sudo vi /etc/authselect/password-auth' when editing, unsure what I
> was supposed to do/see with the root  shell though,?
> > If this works, the PAM_CONV_ERR return does not fully quit the PAM stack and
> > it just gets stuck at pam_sss.
> > The fix would be to return PAM_CONV_ERR until pam_authenticate returns
> > failure.
> Great!, umm, how :?:

Like this: https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/240
Can you please check whether this MR fixes the issue for you?

(In reply to Rob Sterenborg from comment #21)
> (In reply to Sophie Dexter from comment #19)
> > (In reply to Fabian Vogt from comment #18)
> > > instead? I wonder whether that avoids the issue as well. Please keep a 
> > > local
> > > root shell open when editing PAM config.
> > and, yes it did :-) 
> > I used 'sudo vi /etc/authselect/password-auth' when editing, unsure what I
> > was supposed to do/see with the root  shell though,?
> 
> The (extra) open root shell would have enabled you to use it to fix the PAM
> configuration in case you made a mistake, making you unable to login.

Exactly that! password-auth is likely used by all authentication methods (tty +
graphical login, ssh), so if there's a typo or other issue you'd lock yourself
out of your system.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to