Unable to Log in

Hello again.

This is more a continuation of my previous topic the next one linked.

I rather forget about any misunderstanding there, was never intentional.

They showed me the command man journalctl, and after checking the also swowed there journalctl | grep -E 'passwd|pam_', I saw a couple of strange things.

After checking a bit and testing some regex, I leave this one and its results.

journalctl | grep -E 'Authentication for user'                                                                    ✔ 
ago 02 18:29:13 mano-hpspectre360 sddm[551]: Authentication for user  "mano"  successful
ago 02 18:37:52 mano-hpspectre360 sddm[546]: Authentication for user  "mano"  successful
ago 03 12:44:27 mano-hpspectre360 sddm[607]: Authentication for user  "mano"  successful
ago 04 10:36:04 mano-hpspectre360 sddm[606]: Authentication for user  "mano"  successful
ago 04 19:54:53 mano-hpspectre360 sddm[595]: Authentication for user  "mano"  successful
ago 05 14:13:30 mano-hpspectre360 sddm[621]: Authentication for user  "mano"  successful
ago 06 16:46:09 mano-hpspectre360 sddm[609]: Authentication for user  "mano"  successful
ago 07 19:45:22 mano-hpspectre360 sddm[778]: Authentication for user  "mano"  successful
ago 08 20:30:44 mano-hpspectre360 sddm[778]: Authentication for user  "mano"  successful
ago 09 14:36:06 mano-hpspectre360 sddm[742]: Authentication for user  "mano"  successful
ago 09 14:46:07 mano-hpspectre360 sddm[773]: Authentication for user  "mano"  successful
ago 10 11:12:02 mano-hpspectre360 sddm[846]: Authentication for user  "mano"  successful
ago 11 09:23:31 mano-hpspectre360 sddm[775]: Authentication for user  "mano"  successful
ago 31 12:52:23 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:52:33 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:52:50 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:53:40 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:53:50 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:54:09 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:54:25 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:54:32 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:55:26 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:56:01 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:56:10 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:56:52 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:58:14 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:58:22 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 12:59:01 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 13:00:14 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 13:01:48 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 13:01:58 mano-hpspectre360 sddm[750]: Authentication for user  ""  failed
ago 31 13:02:46 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:02:50 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:02:58 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:03:03 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:03:07 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:05:23 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
ago 31 13:12:13 mano-hpspectre360 sddm[750]: Authentication for user  "mano"  successful
sep 05 18:23:13 mano-hpspectre360 sddm[878]: Authentication for user  ""  failed
sep 05 20:41:56 mano-hpspectre360 sddm[739]: Authentication for user  ""  failed
sep 05 20:42:01 mano-hpspectre360 sddm[739]: Authentication for user  ""  failed
sep 05 20:42:11 mano-hpspectre360 sddm[739]: Authentication for user  ""  failed
sep 05 20:44:37 mano-hpspectre360 sddm[738]: Authentication for user  ""  failed
sep 05 20:46:13 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
sep 05 20:53:48 mano-hpspectre360 sddm[746]: Authentication for user  ""  failed
sep 06 17:57:47 mano-hpspectre360 sddm[746]: Authentication for user  ""  failed
sep 07 16:54:04 mano-hpspectre360 sddm[756]: Authentication for user  ""  failed
sep 07 18:59:03 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
sep 08 10:11:23 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
sep 08 10:11:31 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
sep 08 10:11:46 mano-hpspectre360 sddm[745]: Authentication for user  ""  failed
sep 08 11:51:36 mano-hpspectre360 sddm[818]: Authentication for user  ""  failed
sep 08 11:51:42 mano-hpspectre360 sddm[818]: Authentication for user  ""  failed
sep 08 11:51:46 mano-hpspectre360 sddm[818]: Authentication for user  ""  failed
sep 08 11:51:57 mano-hpspectre360 sddm[818]: Authentication for user  ""  failed
sep 08 12:13:26 mano-hpspectre360 sddm[745]: Authentication for user  "mano"  successful
sep 08 12:25:17 mano-hpspectre360 sddm[750]: Authentication for user  "mano"  successful
sep 08 12:31:56 mano-hpspectre360 sddm[753]: Authentication for user  "mano"  successful
sep 08 13:37:11 mano-hpspectre360 sddm[896]: Authentication for user  "mano"  successful
sep 08 13:49:02 mano-hpspectre360 sddm[774]: Authentication for user  "mano"  successful
sep 08 14:43:14 mano-hpspectre360 sddm[774]: Authentication for user  "mano"  successful

Those empty user match with any time I was unable to log in, and “mano”, my user, the one I have been using all the time.

To be clear, if that user is “normal” I hadn’t done it at will. For the momment, all I have done is to log in, watch videos and shut down. And pleas, pay attention to the timestamps.

Each time I was able to log back in was because I used the chroot thing to reset the password.

Thanks in advance

Just a guess - fingerprint reader?

I use it on my mobile, which I use as USB thethering and hotspot to provide internet access to my laptop, where I am now, but the laptop does not has any fingerprint reader.

But this problem has happened also on main PC, where I had not connected the phone, and on another laptop, where I simply installed manjaro (using the phone usb tether to provide internet).

You have a lot of attempted logins with no username - that is why I thought fingerprint reader - why you have all these I cannot say - perhaps if you enter a wrong password the log register as a empty user - kind’a makes sense - security wise.

One could also speculate - have you installed a custom login theme or do you use the default Manjaro - the one with the lighthouse?

Long story short.

I install manjaro.
No problem for 2 weeks, just used for watching videos every day.
After some time gets back in.
Unable to log in.

Each time empty user attempt is the many times I tried to log in. (In the sddm appears I am using mano user but password doesn’t work) I tried many combinations (wating the lock time), but nothing works.

I change it with chroot from USB, it works. mano log in in the middle. After five days I can’t get back in, until I do the chroot again.

Another avenue, in particular to check whether your password was indeed changed or even reset
(something everyone was saying could not happen by itself, without interaction)
would be to create a copy of the /etc/shadow file
first when all is working
and then again - booted from USB - when it is not anymore,
but before you (re)set the password.

For instance:

sudo cp /etc/shadow /root/shadow_when_working
(to create the first copy)

cp /etc/shadow /root/shadow_when_not_working
(for the second copy - this is from chroot, so no sudo needed)

Then compare the two files:
diff /root/shadow_when_working /root/shadow_when_not_working

output should be empty - indicating that the files are identical
in other words: unchanged

Or look at them by eye with cat file1 and cat file2.
Any difference in the hash should be easy to spot.

That would definitely rule out this theory of yours.
Or confirm it.

There are only hashes in this file - the hash will change each time, even if you set the same password.
So you could even post it here without fear of loss of confidentiality.

I made a test entering the wrong password deliberate twice - (block is after the 3rd attempt) - therefore I provided the correct password the third time.

sep 08 16:44:01 tiger sddm-helper[1407]: pam_unix(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=fh
sep 08 16:44:06 tiger sddm-helper[1410]: pam_systemd_home(sddm:auth): New sd-bus connection (system-bus-pam-systemd-home-1410) opened.
sep 08 16:44:06 tiger sddm-helper[1410]: pam_unix(sddm:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=fh
sep 08 16:44:14 tiger sddm-helper[1413]: pam_systemd_home(sddm:auth): New sd-bus connection (system-bus-pam-systemd-home-1413) opened.
sep 08 16:44:14 tiger sddm-helper[1413]: pam_kwallet5(sddm:auth): pam_kwallet5: pam_sm_authenticate
sep 08 16:44:14 tiger sddm-helper[1413]: pam_kwallet5(sddm:setcred): pam_kwallet5: pam_sm_setcred
sep 08 16:44:14 tiger sddm-helper[1413]: pam_unix(sddm:session): session opened for user fh(uid=1000) by fh(uid=0)
sep 08 16:44:14 tiger sddm-helper[1413]: pam_systemd(sddm:session): New sd-bus connection (system-bus-pam-systemd-1413) opened.
sep 08 16:44:14 tiger (systemd)[1419]: pam_warn(systemd-user:setcred): function=[pam_sm_setcred] flags=0x8002 service=[systemd-user] terminal=[] user=[fh] ruser=[<unknown>] rhost=[<unknown>]
sep 08 16:44:14 tiger (systemd)[1419]: pam_unix(systemd-user:session): session opened for user fh(uid=1000) by fh(uid=0)

It is fairly easy to see the two wrong attempts in the log and the successful login.

So when your system refuse to log you in it is because the password has been changed.

 $ journalctl | grep -E 'password changed'
sep 08 16:56:14 tiger passwd[4697]: pam_unix(passwd:chauthtok): password changed for fh
sep 08 16:58:33 tiger passwd[4985]: pam_unix(passwd:chauthtok): password changed for fh

For the sake of this issue - it is possible that a diskerror may cause corruption of the /etc/shadow file which will cause your login errors.

But that it will only occur between 5-14 days - that is impossible.

Ok.

Despite the password itself which I never said that was it, just that empirically that visually nothing has change but that, does the empty user thing has any sense to you?

the result of that command is empty

Could be cause I didn’t technically changed the password, I set the same that I remembered.

No.

It could be your sddm configuration, or a theme issue.
No idea.
Because that should also not change without interaction.
Not even through an update.

But you already checked the /etc/shadow file?
that is what I understood.

The hash will change each time you set the password - even if you use the same password.

So you are saying that these intermediate sessions you have reset the user’s password?

And further you say that there is no log of it?

Let me check with another system

//EDIT
The shadow file will change the hash - even if you set the same passwd - this is because a new random salt is generated everytime the command is run.

And it is correct there is no trace of it in the log because the systemd logging daemon is not running for the chrooted system.

Therefore it is technically possible to change a users password without leaving trace of it.

Even so - it requires user interaction - at some level.

No no, lets say the password I set at first was 123

When I had this problem, since I thought it was that I forgot my password, lets say I thought it was super_123, I set again as 123, so if the problem wasnt the password file and I set the password again to be the same, then the file hasn’t changed at all, cause it was always 123.

I execute the command of changing the password, but I set the same password as the previous one that wasn’t working.

Then use this procedure to check when the issue occurs the next time.

Once again:
it doesn’t matter what password you set - you can set the same.
The hash in /etc/shadow will still change each time you set it.
(it would be a very poor hash function when it would produce the same hash for the same password twice)

This way you can confirm or disprove whether the password was indeed changed.

Just for the record, you appear to be barking up the wrong tree. It’s not your password that has changed, but you’re attempting to log in without supplying a (correct) user name.

You probably have sddm configured to not show user names on the login screen, and in that case, you have to manually type both your user name and your password in order to log in. If on the other hand you have sddm showing the user name, then the last used user name will already be selected and then you only need to enter the password.

Post deleted.

Try again, in English this time.

I was about to post the translation.

Clearly, something just isn’t getting through. Using the OP’s native language (Spanish, as became apparent yesterday), might have helped hasten understanding.

The logs the OP posted are all I need.

His logs will help you have him understand nuances of English?

Whatever the case, I’m bowing out of this one.

@noobToLinux

Good luck.

I think I should have left a question mark to clarify that I wasn’t confirming that theory, I understand that password changing itself is not how a software should be done and I don’t think that linux has a backdoor or stuff like that, despite I am just a regular non problematic person. I don’t think so. But from my perspective, there is no other possible explantion, doing the same as everyday, suddenly it doesn’t work, and it shows nothing different.

I have not done anything strange. Just everything to default.

This picture is close to what I see the name and the option to set the password. (I see mine obviously, not that one)

I also have an option to select another user. If I click there it promt me to the option to type the user name and the password.

I assume I am in this case, but the name shown is the Name I set on install, not the user (since the user should be lower case).

At first I have no option to type the user, it is pre selected.

When this error occurs, typying it manually doesn’t work. And I know it detects the user cause if the user is typed incorrectly there is no attemps lock. So it must be the password.

Thanks