User password will not unlock screensaver #412
Comments
|
Since it happens in the screensaver as well as the session login, it seems like it may be some sort of keyboard layout issue. Do you have more than one keyboard layout installed? If so, there should be a flag icon in the password entry in the screensaver. Make sure the correct layout is selected before typing your password. |
|
I do not have more than one keyboard layout installed. Only the American English one. There is no flag icon on my screensaver or session login page. |
|
I'm glad I'm not the only one. Just spent an hour tracking this down without success yet. I'm on Arch aswell (5.18.16-arch1-1) Could be PAM related. Relevant parts of my kernel log: (Sorry for the homed-spam, I left it in because I'm not sure if it might be related.) Oh btw my password works the same on english and german keyboard layouts (the only once I have installed), so I guess it's not that. Edit: Could it be related to #209 ? |
|
Can you run cinnamon-screensaver from a terminal: then try to reproduce (or allow it to randomly). Please paste the output here (in a text file) once you do. Thanks |
|
In what directory can I find the output of that command? |
|
Actually this seems like it may be limited to Arch and friends... Can you try this? There are a few other 'fixes' I've seen but this won't won't lock you out of your system if you make a mistake. https://bbs.archlinux.org/viewtopic.php?id=258297 Is it possible either of you has a modified Maybe you edited things to add a fingerprint reader or other additional authentication module? |
|
The output will be in the terminal your ran that command from. But I'm not sure it's necessary now since my most recent post here. |
|
To answer question, I hadn't done any modifications to Regarding the fix, should the entry to The line listed on the manjaro page omits it. |
|
No leading slash |
|
I'm having this problem too in Manjaro Cinnamon. I tried the above fix, but it did not work. |
|
I've also been hitting this. I'm also on Arch Linux, don't know if the problem is something there or with cinnamon screensaver. I was able to reproduce it while capturing debug output using the command above by @mtwebster. It's possible that it's happenning for me after resuming from suspend, I don't fully remember if this was always the case. I opened the laptop, and attempted to enter the password. I'm not fully certain that I entered it correctly the first time, but I did not make more than 3 attempts, and I have fail-lock configured for 5. I switched to another TTY and tried to login there, and saw the message "The account is locked due to 5 failed logins". I finally bypassed it via ssh ( The output of Debug output: cinnamon-screensaver-debug.log |
|
Still having this issue with |
|
I found out the root cause, or at least how to reproduce it. Having e.g. Then, simply lock the screen, press any button to show the password entry box, and then press escape to close it. Repeat that more than 10 times, and you will be locked out. It appears there are multiple ways this could happen - spurious wakeup etc. I don't know what the fix is, but a user simply triggering the password entry to show (e.g. tapping a button on the keyboard to wake up a display) counts as a failed login attempt, which seems wrong to me. I don't know if this also relates to systemd-home but it also shows up. |
|
Occurs on FreeBSD 13.1-Release with Cinnamon 4.8.6_3, cinnamon-screensaver 4.8.1_2. Once kicked in, the screenlock cannot be unlocked. Refuses every attempt, including the correct password. Same if I manually start screenlock. |
|
I am having the same issue on FreeBSD 13.1 as @KeveNagy. Same versions of Cinnamon and screensaver. |
|
EndeavourOS, kernel 6.2.10, Cinnamon 5.6.8 This happens repeatedly when coming out of suspend, but never when just locking the screen manually. |
|
I'm also having this issue. See my replies, but basically: ArchLinux through EndeavourOS,
Let me know if you need me to test something. |
|
Is there any progress on the issue ? |
|
I had the same problem with Arch Linux + Cinnamon. |
|
After a new PC build (7800X3D+4070 (from 6600XT)) and a fresh To reproduce: Lock screen (Strg+Alt+l), turn off Samsung OLED S95B TV (connected through a normal certified UHD HDMI 2.1<->HDMI 2.1 cable), return after 10 minutes, turn on TV and try to log-in. |
|
I'm experiencing the same issue, there's two things I have noticed when it happens:
|
|
EndeavorOS latest as of March 25th 2024 Kernel 6.8.1-arch-1-1 Cinnamon 6.0.4 Screen saver takes first correct password attempt and interprets it as 3 failed password attempts. However, clicking the icon to go to the default login screen on the screensaver login screen allows you to login. |
|
Has anyone reported the issue to archlinux? |
|
Why do you think this is an issue with how it's packaged in Arch? It looks like a problem with PAM/Screensaver being too sensitive to trigger failed auth. |
The absence of other distro's being affected is a strong indicator that it's packaging/distro related. |
|
It might depend on how Can we compare that file for different distributions? In any case, the root cause of the issue seems to be the sensitivity of PAM & the screensaver password entry - simply triggering the password entry to show counts as a failed activation (last time I checked). It should only count as a failed attempt if the user actually enters a password and presses enter, etc. |
FreeBSD is affected too.
I'd expect At least these do stick to it: Fedora 39, Arch, Ubuntu 22.04 and Debian 12. |
FreeBSD and I believe Ubuntu are also affected. At least in my google searches, there were threads complaining of the same issue, albeit some were older say from 2017 etc. This issue seems to have been going on for many years with no resolve. Temporary fixes suggested often induce serious security implications. I've seen threads on the archlinux bbs with this complaint, but no who is in charge of programming or packaging either arch itself or any of their derivatives, have suggested a fix. There is a fairly large Arch based community with about 30 active distros based on arch. I am surprised none of the Manjaro people have issued a patch or fix. Its an annoying bug, but not a show stopper, since the easy way around it is to click the icon (shows an outline of two people) which takes you to the default login screen for cinnamon, you can login without issues as long as you haven't tried to input any text into the screen saver login. If you do, and go to the default login screen, it will show the error of "3 failed login attempts", and you can't log in. You have two icons you can click, the "lock" icon which is the enter for the password input in the screen saver password input, or the "two people" icon, which takes you to the default log in screen. Again, as long as no text is inputted into the screen saver password prompt, you simply click the "two people" (I wish I knew what the button was actually called) and then log in as if you had either logged out or just booted into the OS. |
|
@mtwebster do you mind helping us understand the PAM interaction of this codebase? i.e. where does the pam session start, and is it started just by presenting the text input box or does it only start after the user focuses that box, or starts typing? Maybe is being called spuriously, triggering multiple calls topam_authenticate and thus incorrectly causing pam_faillock to trigger.
|
|
I can confirm Fedora (via the Cinnamon spin) is also affected by this bug |
|
I've done some further testing and am starting to suspect this is related to bluetooth. Having my headphones and controller both connected via bluetooth causes this bug to occur 100% of the time when locking the screen. The password prompt appears by itself and never goes away, probably because something is constantly submitting garbage passwords. |
Well, you need to know this in the first place. The icon does not really indicate "hey, this password prompt is fake, click here to get to the real one". |
@leigh123linux This also happens on Gentoo, so it is not an arch packaging issue. |
|
I've had this issue twice in as many days. Never seen it previously, but yesterday, I carefully typed my password multiple times and it wouldn't let me in, so I had to REISUB and fortunately I could use my fingerprint to log in and then I used sudo on a terminal to make sure I wasn't remembering/typing my password incorrectly. (I wasn't.) In my experience, I type the password and it appears as asterisks (actually, circles, I suppose), but when I press enter nothing appears to happen; then I press enter again or escape, and that's when it does its little "I'm checking your password" animation. That continues for many seconds (perhaps even a minute or more), then appears to pretend nothing happened. Looking at /var/log/auth.log there are multiple entries at around the right sort of time that show a sequence such as: Does this give any indication as to what the cause is? Scrolling back up to others' quoted logs, I see something similar in those. As far as I can remember, I've only ever seen this twice in however many years I've used Mint/Cinnamon (10+), and only since yesterday. PS I see there's a comment about Bluetooth above, but I've got that disabled. |
Well, certainly, but at least there is now a posted "way around" this issue when people are searching and come across this thread. Oddly, EndeavourOS seems to have bypassed this issue by deactivating the screen and instead having the monitor go dim/off. So when you move the mouse or press a key, you are presented with the default login screen, the same screen when you first boot, restart, or logout.
As I posted above, EndeavourOS seems to bypass this issue by not having the screen saver activate, but rather turn the monitor off after the set time period of inactivity. So, when there is mouse movement or key press, you are prompted with the standard login screen. The same screen you get when you do a boot up, restart, or log out. I am not sure what settings they did to accomplish this, its now the default behavior in their latest packaging of their distro. However, my screensaver settings are: Delay before starting the screensaver: 15 minutes I do notice the option for lock the computer when put to sleep is off and am wondering if this may be a sleep issue and not just a screensaver activation issue? Maybe turn off this option if you have it if its on and see if it changes anything? This issue has been going on almost a decade it seems however. No one seems to be seriously tackling it, but rather finding ways around it, clever or not. I dont expect it to be fixed any time soon if at all. |
I doubt sleep mode is related, I've had this happen plenty of times when locking normally without sleeping or even turning off the screen.
Yeah, it still happens sometimes even when bluetooth is entirely disabled, but connecting my bluetooth controller (8bitdo SN30) makes it absolutely certain that my account will be restricted in under a minute after locking the screen. The logs say something is submitting phantom authentications, and the controller makes the problem much worse. Anyway, I've since switched to Sway so I won't be able to mess with this anymore. Just noting what I learned for documentation sake. |
Issue
When attempting to unlock the computer from being in screensaver, sometimes entering the password will not work and the computer will not unlock. The screensaver will behave as if an incorrect or mistyped password has been entered and it will continually prompt to reenter.
If the icon with two figures is clicked to exit to the main session login screen, the password will not work there either.
Getting back in requires the computer to be rebooted.
This doesn't happen on every time that cinnamon-screensaver is run, but it does happen regularly.
Steps to reproduce
Either lock screen with Ctrl-Alt-L or let the computer idle and screensaver will start and computer will lock itself.
Expected behaviour
The password should unlock the screensaver, allowing the user to resume the session.
The text was updated successfully, but these errors were encountered: