[Stable 28-08-2020] Issues with logging in - KDE - sddm

Doesn’t work for me. Looks like same behavior, from sddm gives “login failed” from tty gives “login incorrect”

maybe system-auth file also needs some edit?

Actually this does work! I misspelled pam_faillock.so. Thank you very much; I’m finally back on my Desktop.

can you please share system-login, system-auth, systemd-user files

I don’t get why you ask for these.
All those files belong to packages and are available on your machine either as .pacnew-file or (if unchanged) as the actual file.

/etc/pam.d/system-login (as is from pambase package):


auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so           user_readenv=1

/etc/pam.d/system-auth (as is from pambase package):


auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
-auth      [success=1 default=ignore]  pam_systemd_home.so
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

-account   [success=1 default=ignore]  pam_systemd_home.so
account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

/etc/pam.d/systemd-user (as is from systemd package):

# Used by systemd --user instances.

account  include system-login
session  required pam_loginuid.so
session  include system-login
1 Like

I’m asking because I’ve been trying to solve issue during last 4 hours. And there was a chance that I mixed up those files.

But the answer is no, files are the same besides pam_faillock.so section in system-login

I had the same issue. I could not login using any account (root or non-root) on XFCE or text console.

Here are all the steps I had to do (which are based on discussion in this thread):

  1. In Grub menu enter into edit mode.
  2. find line starting with “linux” and append init=/bin/bash to boot in single user root mode.
  3. open /etc/pam.d/system-login file and make sure your file matches content posted by “freggel.doe” in this thread. I had to remove 2 lines containing pam_tally2.so. Unfortunately I failed to preserve bad file.
  4. save and reboot

Thanks everyone for the input, but unfortunately these suggestions did not work for me. I made sure that all of the 3 files freggel.doe posted were identical in my machine, but it still claimed my password was incorrect at the login screen. I guess I am just going to reinstall the OS, as something else must be screwed up here.

Okay. I really don’t know what to tell you guys on this one.

So I decided to try a long shot and chrooted into my internal SSD from my liveusb and changed my account password and root password using “sudo passwd [Account Name]” since it was saying my password was wrong. I am in now and everything seems fine.

I dont know why both @freggel.doe and @Sergei
are simply deleting the lines … I am pretty sure (though it may depend on your system) that pam_tally2 should be replaced … not just the line removed.

For pam_tally2:

Deprecate pam_tally and pam_tally2 in favour of pam_faillock.

For pam_cracklib, if you are using it (I was not) then it should be replaced as well:

Deprecate pam_cracklib, there are two better alternatives to this
obsolete module: pam_passwdqc from passwdqc project and pam_pwquality
from libpwquality project.

1 Like

I did not delete anything - these lines never were present.
The files are exactly as delivered by the current packages.
Perhaps other installations had those lines present due to being older installations?

I also am having issues with logging back in after my system goes to sleep. I did not mean to update today, because I do not have the technical knowledge on Linux.

I am currently using Manjaro on a 2012 iMac booting off an SD card because the hard drive crashed.

I edited /etc/pam.d/system-login, which I found through the search and added the missing lines with “auth required pam_faillock.so” “auth required pam_tally2.so” was not located in my version of the file. The “user_readenv=1” was located at the end of the line for me.

After restart the issue still exists. Is there an easy way to fix this through the GUI. Can I easily downgrade without going through the command line?

Sure. If they arent present then theres nothing to do. Its about the deprecation of some modules … if those modules are in use they need to be changed. But only if they are in use.
Lines should not be just removed or just added.

pam_faillock.so entries reside in /etc/pam.d/system-auth in my case, which now also seems to be the packages default.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.