Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
kde 5 screen locker works too well (won't unlock) [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Desktop Environments
View previous topic :: View next topic  
Author Message
albright
Advocate
Advocate


Joined: 16 Nov 2003
Posts: 2539
Location: Near Toronto

PostPosted: Sun Jun 28, 2015 2:31 pm    Post subject: kde 5 screen locker works too well (won't unlock) [SOLVED] Reply with quote

as in the subject

when I enter the correct password on kde lock screen it just
reports login failed

nothing is posted in the logs (how come gentoo has no auth.log by the way?)

kcheckpass works fine from the command line (after adding a kde file
to /etc/pam.d and setting kcheckpass suid, as the internet suggested)

I'm quite at a loss ...

running the (~) kde 5.3 stuff from portage
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme)


Last edited by albright on Tue Jun 30, 2015 11:47 am; edited 1 time in total
Back to top
View user's profile Send private message
davidm
Guru
Guru


Joined: 26 Apr 2009
Posts: 557
Location: US

PostPosted: Mon Jun 29, 2015 5:00 pm    Post subject: Reply with quote

It works here on an OpenRC system with sddm although it was a bit screwy and didn't seem to work until I played around with systemsettings5 and rebooted a few times. My problem with the screwiness was the opposite-- it never wanted to lock automatically and then put the LCD in sleep mode.

When I enter an incorrect password I see this in /var/log/messages:

Quote:

Jun 29 12:54:55 gentoo kcheckpass[23495]: pam_unix(kde:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost= user=david
Jun 29 12:54:55 gentoo kcheckpass[23495]: Authentication failure for david (invoked by uid 1000)


Are you seeing those messages indicating that kcheckpass is indeed getting invoked? Are you using sddm? If so do you see anything weird in sddm.log?

Checking around it seems most past bugs involved PAM in some way... Check '# cat /var/log/messages | grep -i pam' maybe for clues?
Back to top
View user's profile Send private message
albright
Advocate
Advocate


Joined: 16 Nov 2003
Posts: 2539
Location: Near Toronto

PostPosted: Tue Jun 30, 2015 11:47 am    Post subject: Reply with quote

thanks for the reply

It turned out (surprise) to be my own fault, not noticing
that kcheckpass is provided by (old) kde-base/kcheckpass
and (new) plasma-workspace

I had the old and new packages installed and the system was apparently
confused

I suppose I should wipe out all old kde-base apps but it still seems that
there is an unholy mixture of old and new required at the moment :?
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme)
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Thu Nov 12, 2015 12:03 am    Post subject: Reply with quote

albright, just to make sure, your issue was fixed after removing kde-base/kcheckpass?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
albright
Advocate
Advocate


Joined: 16 Nov 2003
Posts: 2539
Location: Near Toronto

PostPosted: Thu Nov 12, 2015 12:39 pm    Post subject: Reply with quote

Quote:
albright, just to make sure, your issue was fixed after removing kde-base/kcheckpass?


yes, both kde-base/kcheckpass and kde-plasma/plasma-workspace provide /usr/lib64/libexec/kcheckpass

it's the latter that works with kde5
_________________
.... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme)
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Thu Nov 12, 2015 7:05 pm    Post subject: Reply with quote

They can't provide it both, otherwise there'd be a file collision. The kde-base/ one is kde4 prefixed iirc
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
yagami
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 265
Location: Leiria, Portugal

PostPosted: Sun Nov 22, 2015 6:16 pm    Post subject: Reply with quote

I have this problem.

I dont have kde4 kcheckpass package installed.

I have to chmod +s kcheckpass for it to unlock. When i update plasma-workspace, the file is installed without +s chmod, so i have to do it again.

why is this ?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Sun Nov 22, 2015 7:10 pm    Post subject: Reply with quote

Please check:
Code:
$ ls -l /etc/pam.d/kde*

_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
yagami
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 265
Location: Leiria, Portugal

PostPosted: Mon Nov 23, 2015 12:47 pm    Post subject: Reply with quote

genstorm wrote:
Please check:
Code:
$ ls -l /etc/pam.d/kde*


Sorry for delay:

pam.d # ls kde*
kde kde-np

cat kde
#%PAM-1.0

auth required pam_nologin.so

auth include system-local-login

account include system-local-login

password include system-local-login

session include system-local-login


cat kde-np
#%PAM-1.0

auth required pam_nologin.so
auth required pam_permit.so

account include system-local-login

password include system-local-login

session include system-local-login
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Tue Jan 12, 2016 11:56 pm    Post subject: Reply with quote

Both of your systems are set up the same way, using binpkgs?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
yagami
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 265
Location: Leiria, Portugal

PostPosted: Wed Jan 13, 2016 11:04 am    Post subject: Reply with quote

Thank you.

No, they are both compiled from source.

What they share is portage configuration from here: https://bitbucket.org/alexandre_pereira/gentoo-portage

I update that repository and then mantain specific branchs for each ( hardware differences ). But no binpkg sharing ( one is a i7 sandybridge with radeon, other is i7 haswell with intel+nvidia )
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Wed Jan 13, 2016 11:14 am    Post subject: Reply with quote

What profile do you use? A systemd one?
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
yagami
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 265
Location: Leiria, Portugal

PostPosted: Wed Jan 13, 2016 11:34 am    Post subject: Reply with quote

genstorm wrote:
What profile do you use? A systemd one?


Yes, its systemd profile
Back to top
View user's profile Send private message
yagami
Apprentice
Apprentice


Joined: 12 May 2002
Posts: 265
Location: Leiria, Portugal

PostPosted: Sun Jan 17, 2016 10:35 pm    Post subject: Reply with quote

found the problem: /sbin/unix_chkpwd was not set setuid. making it setuid, allows for kcheckpass not need to be setuid
Back to top
View user's profile Send private message
mdshort
Apprentice
Apprentice


Joined: 06 Dec 2004
Posts: 157

PostPosted: Tue Apr 19, 2016 1:37 am    Post subject: Reply with quote

Thank you! This fixed my issue. I am running unstable branch and this is still a problem.

# chmod +s /sbin/unix_chkpwd
_________________
"With every rise, there is a fall."
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Tue Apr 19, 2016 7:35 am    Post subject: Reply with quote

@mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
as.gentoo
Guru
Guru


Joined: 07 Aug 2004
Posts: 318

PostPosted: Tue Apr 19, 2016 11:25 am    Post subject: Reply with quote

genstorm wrote:
@mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618
So using chmod is the general solution here?

Just in case (installed versionn and USE flag)
Code:
0 ✓ xxx@magic /home/xxx $> eix sys-libs/pam$
* sys-libs/pam
     Installierte Versionen: Version:   1.2.1-r1
                             USE:       berkdb cracklib filecaps nls pie -audit -debug -nis -selinux -test -vim-syntax ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32"

0 ✓ xxx@magic /home/xxx $> eix kwallet-pam$
* kde-plasma/kwallet-pam
     Installierte Versionen: Version:   5.6.2-r1(5)
                             USE:       oldwallet -debug

0 ✓ xxx@magic /home/xxx $> ck-list-sessions
Session1:
        unix-user = '1000'
        realname = 'xxx'
        seat = 'Seat1'
        session-type = ''
        active = TRUE
        x11-display = ':0'
        x11-display-device = '/dev/tty7'
        display-device = ''
        remote-host-name = ''
        is-local = TRUE
        on-since = '2016-04-19T10:19:39.868138Z'
        login-session-id = '1'

0 ✓ xxx@magic /home/xxx $> ls -l /etc/pam.d/kde*
-rw-r--r-- 1 root root 217 12. Apr 16:32 /etc/pam.d/kde-np

0 ✓ xxx@magic /home/xxx $> eix sys-apps/openrc
* sys-apps/openrc
     Installierte Versionen: Version:   0.20.5
                             USE:       ncurses netifrc pam unicode -audit -debug -newnet -prefix -selinux -static-libs -tools KERNEL="linux -FreeBSD"

$> eselect profile list | grep \*
  [8]   default/linux/amd64/13.0/desktop/plasma *

Is there anything (else) wrong here?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 6825
Location: Austria

PostPosted: Tue Apr 19, 2016 4:30 pm    Post subject: Reply with quote

as.gentoo wrote:
genstorm wrote:
@mdshort: The original issue of this thread was fixed. However, your problem can be a symptom of a config issue (please check `$ ck-list-sessions`) or that the latest ~arch version of pam (1.2.1-r1) with USE=filecaps is not working for you, for some yet unknown reason. For reference: https://bugs.gentoo.org/show_bug.cgi?id=564618
So using chmod is the general solution here?

Not manual chmod, but setting USE=-filecaps for pam.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
as.gentoo
Guru
Guru


Joined: 07 Aug 2004
Posts: 318

PostPosted: Tue Apr 19, 2016 8:15 pm    Post subject: Reply with quote

Unfortunately that didn't help.
Quote:
$> eix sys-libs/pam | grep -E '\*|nstallierte| USE'
* sys-libs/pam
Installierte Versionen: Version: 1.2.1-r1
USE: berkdb cracklib nls pie -audit -debug -filecaps -nis -selinux -test -vim-syntax ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32"

There are some entries in the log files, but I don't know if that's related.
Code:
Apr 19 21:22:18 [ntpd] adjusting clock frequency by -6.968406 to -18.947395ppm
Apr 19 21:27:29 [dbus] [system] Activating service name='org.freedesktop.Accounts' (using servicehelper)
Apr 19 21:27:30 [accounts-daemon] started daemon version 0.6.40
Apr 19 21:27:30 [dbus] [system] Successfully activated service 'org.freedesktop.Accounts'
Apr 19 21:30:01 [CROND] (root) CMD ([ ! -x /etc/cron.hourly/0anacron ] && { test -x /usr/sbin/run-crons && /usr/sbin/run-crons ; })
Apr 19 21:30:45 [sudo] pam_unix(sudo:session): session closed for user root

## locale is actually de_DE
Apr 19 21:31:26 [polkitd] Unregistered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.17, object path /org/kde/PolicyKit1/AuthenticationAgent, locale en_GB.utf8)

## probably not related
Apr 19 21:31:26 [kernel] [ 2223.817282] kactivitymanage[3494]: segfault at 7f0d7b38bc50 ip 00007f0d6c0c0071 sp 00007ffe97457fe8 error 4 in libQt5Sql.so.5.5.1[7f0d6c0ac000+3f000]
Apr 19 21:31:26 [kernel] [ 2223.852202] traps: ck-remove-direc[6924] trap int3 ip:7f7aa16bc620 sp:7fffa8018d50 error:0

## openrc here - make.conf contains USE="$USE -systemd", kernel is set to use (only) openrc as well
Apr 19 21:31:27 [sddm-helper] PAM unable to dlopen(/lib64/security/pam_systemd.so): /lib64/security/pam_systemd.so: cannot open shared object file: No such file or directory
Apr 19 21:31:27 [sddm-helper] PAM adding faulty module: /lib64/security/pam_systemd.so
Apr 19 21:31:27 [sddm-helper] pam_unix(sddm-greeter:session): session opened for user sddm by (uid=0)
Apr 19 21:31:42 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:31:42 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2

## file not found - PA works so ?!
Apr 19 21:31:46 [pulseaudio] [pulseaudio] pid.c: Failed to open PID file '/run/user/1000/pulse/pid': Datei oder Verzeichnis nicht gefunden
                - Last output repeated twice -
Apr 19 21:31:52 [login] pam_unix(login:session): session opened for user xxx by LOGIN(uid=0)
Apr 19 21:31:52 [kernel] [ 2249.615468] traps: ck-remove-direc[6975] trap int3 ip:7f3926a8d620 sp:7ffee7c4c9e0 error:0
Apr 19 21:32:08 [sudo] xxx : TTY=tty1 ; PWD=/home/xxx ; USER=root ; COMMAND=/bin/tail -f /var/log/everything/current
Apr 19 21:32:08 [sudo] pam_unix(sudo:session): session opened for user root by xxx(uid=0)
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:auth): (null): pam_sm_authenticate_
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:auth): (null): pam_sm_authenticate_
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:setcred): pam_kwallet: pam_sm_setcred
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
Apr 19 21:32:12 [sddm-helper] pam_unix(sddm:session): session opened for user xxx by (uid=0)
Apr 19 21:32:12 [sddm-helper] pam_ck_connector(sddm:session): nox11 mode, ignoring PAM_TTY :0
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:session): pam_kwallet: pam_sm_open_session_
Apr 19 21:32:12 [sddm-helper] pam_kwallet(sddm:session): pam_kwallet: final socket path: /tmp/kwallet_xxx.socket

## Is that supposed to be? What exists is /usr/bin/kwalletd5
Apr 19 21:32:12 [sddm-helper] pam_kwallet: could not execute kwalletd from /usr/bin/kwalletd
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session_
Apr 19 21:32:12 [sddm-helper] pam_kwallet5(sddm:session): pam_kwallet5: final socket path: /tmp/kwallet5_xxx.socket
Apr 19 21:32:13 [dbus] [system] Activating service name='org.kde.powerdevil.backlighthelper' (using servicehelper)
Apr 19 21:32:13 [dbus] [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Apr 19 21:32:13 [polkitd] Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session3 (system bus name :1.43 [/usr/lib64/libexec/polkit-kde-authentication-agent-1], object path /org/kde/PolicyKit1/AuthenticationAgent, locale de_DE.UTF-8)
Apr 19 21:32:13 [rtkit-daemon] Successfully made thread 7202 of process 7202 (/usr/bin/pulseaudio) owned by '1000' high priority at nice level -11._
Apr 19 21:32:13 [rtkit-daemon] Successfully made thread 7209 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:32:18 [rtkit-daemon] Successfully made thread 7302 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:32:18 [rtkit-daemon] Successfully made thread 7305 of process 7202 (/usr/bin/pulseaudio) owned by '1000' RT at priority 5._
Apr 19 21:33:06 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:33:06 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2

## this happens when I entered my password in order to unlock the lock screen
Apr 19 21:33:20 [kcheckpass] Authentication failure for xxx (invoked by uid 1000)
Apr 19 21:33:23 [/usr/sbin/gpm] *** info [mice.c(1990)]:
Apr 19 21:33:23 [/usr/sbin/gpm] imps2: Auto-detected intellimouse PS/2

Login works but unlock doesn't.
Why does SDDM show "US layout" as (only) selection? The login works - my password contains special characters - so the keyboard layout is actually de_DE no matter what is shown by SDDM.

For now I use vlock as a "replacement", but as soon as there are several users having sessions this becomes a problem.
Back to top
View user's profile Send private message
as.gentoo
Guru
Guru


Joined: 07 Aug 2004
Posts: 318

PostPosted: Wed Apr 20, 2016 2:34 pm    Post subject: Reply with quote

Unlocking works now, it was either the update to -5.6.3 or removal of
Code:
    -auth        optional        pam_kwallet.so kdehome=.kde4
    -session     optional        pam_kwallet.so
from /etc/pam.d/sddm. The elog for -5.6.2 says that it should contain this:
Code:
-auth        optional        pam_kwallet5.so
-session     optional        pam_kwallet5.so auto_start
-auth        optional        pam_kwallet.so kdehome=.kde4
-session     optional        pam_kwallet.so

I guess that should have helped with the migration of kwallet.
Maybe I did something wrong - at least kmail asked (@-5.6.2) and still asks for login data each time it's started. In KDE4 it was possible to activate a checkbox so that a new entry is made in the wallet when a password was given for the first time. How can I activate that feature?
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Desktop Environments All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum