User account periodically fails to login with correct password

Periodically when I…

  • Try to login at the desktop manager
  • Try to sudo in the terminal
  • Try to authenticate when at a GUI password prompt
  • Try to ssh into this computer from elsewhere

… I will incorrectly be told “Sorry, the password is incorrect.” I am 100% certain that the password is correct. When this happens, after a period of time, it begins to function again. Also, rebooting seems to allow login again.

The sudo password is the same as the su password, and su always works without issue.

I have tried using loginctl unlock-sessions as root and nothing apparently happens.

There is no apparent rhyme or reason behind when this occurs (for example, after the screen dims from being idle). It will often happen while I am actively working. When the problem shows up I can open a text editor and type my password in plain text and it shows up normally.

Does anyone have any suggestions for how to troubleshoot this problem?

1 Like

I suggest you use a different password for root (the one you call su)

I am not a regular KDE user but I have from time to time played with it and I found that some functionality in KDE explicitly looks for root authentication - and it is not always obvious if it is the user password or the root password.

If the functionality explicitly looks for UID=0 then - even when passwords are identical - the system password hash is not - which will throw the message about incorrect password.

This is why my initial suggestion is to use different passwords for root and user so - - when using KDE - if the first password authentication fails - even with correct password - then you may try the root password instead.

2 Likes

This sounds like a bug. Has it been reported? Does it need to be?

The other aspect of this is that it is not just for privilege escalation but even in the main user login. I am doubtful but willing to try a new password.

Which DE are you running? A couple of months ago I had ad a similar problem on login after suspend in gdm, Gnome.

KDE Plasma with all the stock login for Manjaro KDE edition.

Perhaps it may be worth to try create a new user and see if you run into the same problem. I don’t know how I would go about troubleshooting this on command line. Maybe some program or update created some permission problem/conflict.

Edit: perhaps using your system journal log file to check which process is running when that happens

Sometimes, i have similar issues. I use XFCE.
It has not happened for a while but, it often happened when i used Mugshot by just clicking on it on whiskermenu, then my sudo password does not work anymore.

Funny, i just clicked on it right now…and now my sudo password is not recognized anymore. I did not change anything, just run Mugshot, close it…then broken sudo password.

So, yes, it’s a bug, i do not know where. My root password is also the same as the sudo one. No issue with root password though.

It also happened to me when editing /etc/sudoers (only to uncomment Defaults pwfeedback)

I only have this is journalctl

mars 31 13:51:15 hannibal sudo[52435]: pam_faillock(sudo:auth): Consecutive login failures for user barracuda account temporarily locked
mars 31 13:51:15 hannibal sudo[52435]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
mars 31 13:51:15 hannibal sudo[52435]: pam_unix(sudo:auth): auth could not identify password for [barracuda]
mars 31 13:51:15 hannibal sudo[52435]: pam_unix(sudo:auth): conversation failed
mars 31 13:51:06 hannibal sudo[52413]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
mars 31 13:51:06 hannibal sudo[52413]: pam_unix(sudo:auth): auth could not identify password for [barracuda]
mars 31 13:51:06 hannibal sudo[52413]: pam_unix(sudo:auth): conversation failed
mars 31 13:51:06 hannibal sudo[52412]: pam_systemd_home(sudo:auth): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
mars 31 13:51:06 hannibal sudo[52412]: pam_unix(sudo:auth): auth could not identify password for [barracuda]
mars 31 13:51:06 hannibal sudo[52412]: pam_unix(sudo:auth): conversation failed
mars 31 13:42:31 hannibal haruna[51301]: ThumbnailResponse::getPreview(const QString&, const QSize&)::<lambda(const KFileItem&)> : Failed to create thumbnail

It happened with several Manjaro installations, so with several versions. i cannot compare with other distros, i do not use them

Where would be the appropriate place to file a bug report? This is a pretty critical bug since in a production environment where users do not have root access they will be completely locked out from their computers at random times in the workday.

I can confirm that the problem is NOT having the same password for the user and root. After changing my user password the problem persists.

I have witnessed that too on other people’s computers (Manjaro KDE). It never happened to me though, despite my computer being up all the time and rebooting only when needed.

First the bug needs to be discovered as currently there is only a problem and nothing else. If there is no relevant info about the issue and we can’t identify what is creating the issue, then you can’t report anything as you don’t know to whom to report it.

What we know:

  • The problem is not limited to the desktop environment
  • The problem is not related to having identical user and root passwords
  • The problem is not related to a specific utility but to user authentication itself.
  • The problem is not limited to login itself (where it will set variables and launch a shell) but the authentication part of the login.

Since Manjaro handles authentication with PAM we should be able to identify the module responsible for this authentication. Is it possible that this is a pam configuration, like one that would fail the password if it is typed incorrectly the first time?

@omano

What do you mean exactly ?

I mean, who could be in charge of identifying any bug/anomaly ? Is there any bugzilla thing somewhere ?

If it is a true bug then we should probably find the repo of the program with the bug. If it is a non-intuitive default configuration then we should report to Manjaro whoever designs that configuration.

I have confirmed that it is possible to get the password wrong the first try and right the second try and login successfully.

I mean exactly what I wrote. Currently there is an issue identified. OK. But if you want to report the bug, what is the bug? In which program? Do you have a reproduction procedure? If you can’t answer that you can’t report anything.

See previous sentence I wrote above.

I do not know how authentication is supposed to work. I am assuming it is managed with PAMs? What gets called when you attempt to (1) login to the DE (2) sudo as a user (3) authenticate in a gui?

Under the hood, something is hashing the input field and comparing it to the value in /etc/shadow, right?

See my previous post above

Are you trying to be funny or don’t you understand what I wrote?
If you know where the issue lies then report the issue upstream to the specific program which has an issue you can explain. If you still wonder what the bug is then you can’t report it, as you can’t say where the issue is.

What you say is meaningless, at least i am sure with that.
I do not understand why you replied to this thread as you add nothing which can help the OP or me.