Saturday, April 27, 2024
Homepage · unity
 Popular · Latest · Hot · Upcoming
3
rated 0 times [  3] [ 0]  / answers: 1 / hits: 5960  / 3 Years ago, fri, june 11, 2021, 1:37:40

I have configured my screensavers to lock the desktop after some time; and sometimes, e.g. when I leave my desk, I prefer to lock the screen myself using the title bar "Lock/Switch account..." feature.



While trying to log in again, I enter my password, but the password is labeled as "invalid".



As a workaround, I have to use the mouse to go to the "Switch User..." menu in the title bar, click it, and wait for that other login page to appear, which is quite similar to the screensaver-lock page. (It also lists other the usernames to choose from)



There I enter the same password, and it gets accepted, I'm logged in, unity desktop appears.



Login at the console also works.



Any idea how to diagnose and solve the problem?




Linux xxx 3.19.0-28-generic #30-Ubuntu SMP Mon Aug 31 15:52:51 UTC
2015 x86_64 x86_64 x86_64 GNU/Linux



unity 7.3.2



Compiz 0.9.12.1




There seems to be nothing of interest in kern.log and syslog, but here is something from /var/log/auth.log



    Sep 17 17:20:29 xxx lightdm: pam_kwallet(lightdm-greeter:setcred): pam_sm_setcred

Sep 17 17:20:29 xxx lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)

Sep 17 17:20:29 xxx systemd-logind[843]: New session c13 of user lightdm.

Sep 17 17:20:29 xxx lightdm: pam_ck_connector(lightdm-greeter:session): nox11 mode, ignoring PAM_TTY :2

Sep 17 17:20:29 xxx lightdm: pam_kwallet(lightdm-greeter:session): pam_sm_open_session

Sep 17 17:20:29 xxx lightdm: pam_kwallet(lightdm-greeter:session): pam_kwallet: open_session called without kwallet_key

Sep 17 17:20:30 xxx lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "knb"

Sep 17 17:20:33 xxx CRON[37168]: pam_unix(cron:session): session closed for user munin

Sep 17 17:21:10 xxx lightdm: pam_kwallet(lightdm:auth): pam_sm_authenticate

Sep 17 17:21:10 xxx lightdm: pam_kwallet(lightdm:setcred): pam_sm_setcred

Sep 17 17:21:10 xxx lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm

Sep 17 17:21:10 xxx lightdm: pam_kwallet(lightdm-greeter:session): pam_sm_close_session

Sep 17 17:21:10 xxx lightdm: pam_kwallet(lightdm-greeter:setcred): pam_sm_setcred


Here are some pictures of the screens I have to go through:



Step 1 - locked screensaver



Here I have unsuccessfully typed in my regular password. It contains only ascii characters.



Step 2 - switch user



Switch user ... (choose my own account, I don't need to switch to another one).



Step 3 - regular login



This works.



EDITED: just before end of +150 bounty deadline



I was able to solve this problem myself (after following though all hints and links spread throughout all the ~5 answers so far)



I had to comment out this line in file /etc/pam.d/lightdm:



#auth sufficient pam_succeed_if.so user ingroup nopasswdlogin



I think the reason was that (many months ago, when I was the "only one" with physical access to my computer) I've added myself to the group that can login without password, and autologin to lightdn after boot/reboot. Then some day I changed this back to "login needed after reboot" but for some reason the previous no-login configuration was removed improperly from all the config files.



Now can login again :-)



A note on the bounty / "grading":



The first answerer was closest to the solution by saying something like "look closely at what's in /etc/pam.d". The answer was also the longest and the most thorough.
However I checked all the other answers as valuable, that's all I can do for now, I think.


More From » unity
 Answers
2

In theory you can walk through the contents of /etc/pam.d and compare against the output from /var/log/auth.log to see what is going on.



In case you're not aware, each file in pam.d is a potential entry point to ask pam if you can get authority. In your case lightdm. The log entries are fairly self explanatory as far as figuring out which lines in the log come from which lines in the pam file.



According to the docs I found you should be able to add 'debug' to lines in pam.d files to get extra info in the log.



In my setup, I'm using kde, and kdm and I get lots of lines containing (kdm:auth) when I lock my screen and attempt to unlock it (with the wrong password), but nothing when it unlocks successfully. The is next to no comparison between pam.d/kdm and pam.d/lightdm which makes no sense to me, so maybe you can try swapping things around to see if the issue is in the lightdm pam module.



The only other thought I had, is whether you have interesting symbols or characters in your password. If the lightdm lock screen box, isn't coded properly you might find it's not sending what you type to the back end. Try changing your password to something basic (like 1234) to see if it works, if it does, then (change your password back obviously, but) it probably means there is nothing wrong with your pam configuration at least.



Sorry if this doesn't help much, beyond looking at adding pam_debug.so to various pam files (see http://manpages.ubuntu.com/manpages/hardy/man8/pam_debug.8.html), to see what happens, I'm not sure what else to suggest.


[#21358] Saturday, June 12, 2021, 3 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
biryanrownies
Add To Favorites
Follow
Total Points: 396
Total Questions: 90
Total Answers: 106
Location: Saint Lucia
Member since Sun, Sep 5, 2021
3 Years ago
biryanrownies questions
Wed, May 10, 23, 07:13, 1 Year ago
Wed, Sep 7, 22, 18:13, 2 Years ago
Fri, Dec 3, 21, 02:50, 2 Years ago
Sat, Feb 12, 22, 16:02, 2 Years ago
Sat, Apr 15, 23, 09:22, 1 Year ago
View All
;