Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 950022 - sys-libs/pam-1.6.1: "unix_chkpwd[1575]: check pass; user unknown" when using mate-extra/mate-screensaver-1.28.0 or kde-plasma/kscreenlocker-6.2.5
Summary: sys-libs/pam-1.6.1: "unix_chkpwd[1575]: check pass; user unknown" when using ...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: immolo
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-02-21 08:07 UTC by Thibaud CANALE
Modified: 2025-02-26 08:37 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info sys-libs/pam sys-auth/pambase mate-extra/mate-screensaver (file_950022.txt,11.76 KB, text/plain)
2025-02-21 08:07 UTC, Thibaud CANALE
Details
emerge --info sys-libs/pam, with version 1.7.0_p20241230-r3 (file_950022.txt,9.85 KB, text/plain)
2025-02-24 09:44 UTC, Thibaud CANALE
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Thibaud CANALE 2025-02-21 08:07:30 UTC
Created attachment 919594 [details]
emerge --info sys-libs/pam sys-auth/pambase mate-extra/mate-screensaver

MATE screensaver fails to unlock my session when providing my correct password.

From syslog "facility" lever `auth`, the following message appear:
```
[date & host REDACTED] unix_chkpwd[1565]: check pass; user unknown
[date & host REDACTED] unix_chkpwd[1571]: check pass; user unknown
[date & host REDACTED] unix_chkpwd[1571]: password check failed for user (thican)
[date & host REDACTED] mate-screensaver-dialog[1545]: pam_unix(mate-screensaver:auth): authentication failure; logname=thican uid=1000 euid=1000 tty=:0.0 ruser= rhost=  user=thican
[date & host REDACTED] unix_chkpwd[1575]: check pass; user unknown
[date & host REDACTED] mate-screensaver-dialog[1545]: pam_unix(mate-screensaver:auth): conversation failed
[date & host REDACTED] mate-screensaver-dialog[1545]: pam_unix(mate-screensaver:auth): auth could not identify password for [thican]
```

I didn’t change nor update recently my PAM configuration.

Here the content of /etc/pam.d/mate-screensaver, unchanged.
```
#%PAM-1.0

# Fedora Core
auth       include	system-auth
auth       optional     pam_gnome_keyring.so
account    include	system-auth
password   include	system-auth
session    include	system-auth

# SuSE/Novell
#auth       include      common-auth
#auth       optional     pam_gnome_keyring.so
#account    include      common-account
#password   include      common-password
#session    include      common-session
```

I tried with and without pam_gnome_keyring.so line.

Also file /etc/pam.d/system-auth, unchanged too.
```
auth		required	pam_env.so
auth		requisite	pam_faillock.so preauth
auth            [success=1 new_authtok_reqd=1 ignore=ignore default=bad]      pam_unix.so nullok  try_first_pass
auth		[default=die]	pam_faillock.so authfail
auth		optional	pam_cap.so
account		required	pam_unix.so
account         required        pam_faillock.so
password	required	pam_passwdqc.so config=/etc/security/passwdqc.conf
password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow
session		required	pam_limits.so
session		required	pam_env.so
session		required	pam_unix.so
```

I don’t have issue when connecting through TTY, as my main way to authenticate, no idea then if MATE screensaver is only concerned in this issue.
Comment 1 Thibaud CANALE 2025-02-21 08:54:19 UTC
I changed the title, I noticed this issue also with KDE screensaver.
Comment 2 Thibaud CANALE 2025-02-23 09:28:03 UTC
Just for records, thanks to KDE, a better solution if using elogind is to unlock the session instead of relying on a "unforeseen" maneuver such as killing the screen locker process.
KDE actually still protects user’s session with a black screen and a message how to recover.
```
loginctl unlock-session <SESSION>
```

Get your list of sessions with `loginctl list-sessions` as your user.
Comment 3 Thibaud CANALE 2025-02-24 09:39:44 UTC
After sys-libs/pam update with version 1.7.0_p20241230-r3, I can’t reproduce this issue.

Still curious why it happened in previous version 1.6.1, mostly if this issue has been genuinely fixed so it won’t reproduce later.
Comment 4 Thibaud CANALE 2025-02-24 09:44:44 UTC
Created attachment 919801 [details]
emerge --info sys-libs/pam, with version 1.7.0_p20241230-r3

New `emerge --info sys-libs/pam`

Maybe the new elogind USE flag support has fixed it?
Comment 5 Andreas Sturmlechner gentoo-dev 2025-02-25 18:54:22 UTC
I'll have to assume local config issue that was overwritten by pam version bump, or broken running session happening during update of toolkit (fixed by reboot), since there was no other reported issue of that kind (at least speaking as KDE proj).

Otherwise, there's bug 681334, not sure how far that ever got.
Comment 6 Thibaud CANALE 2025-02-26 08:37:24 UTC
(In reply to Andreas Sturmlechner from comment #5)
> I'll have to assume local config issue that was overwritten by pam version
> bump, or broken running session happening during update of toolkit (fixed by
> reboot)[…].

Which local config files are you referencing to? Under /etc/pam.d/? Those are not concerned by sys-libs/pam:
```
# same package list than `qfile /etc/pam.d/* | cut -d ':' -f 1 - | sort -u`
% qfile /etc/pam.d/
kde-plasma/kscreenlocker: /etc/pam.d
mate-extra/mate-screensaver: /etc/pam.d
net-misc/dropbear: /etc/pam.d
net-misc/openssh: /etc/pam.d
net-print/cups: /etc/pam.d
sys-apps/kbd: /etc/pam.d
sys-apps/openrc: /etc/pam.d
sys-apps/shadow: /etc/pam.d
sys-apps/util-linux: /etc/pam.d
sys-auth/pambase: /etc/pam.d
sys-auth/polkit: /etc/pam.d
sys-process/fcron: /etc/pam.d
```

And obviously, no it was not an issue "fix by reboot" because this happened for a few days.
Based on auth.log, the first entry about `unix_chkpwd[<PID>]: check pass; user unknown` was this February 15th, and few hours later, I see the error concerning MATE’s screensaver:
```
unix_chkpwd[31915]: check pass; user unknown
unix_chkpwd[31915]: password check failed for user (thican)
mate-screensaver-dialog[31892]: pam_unix(mate-screensaver:auth): authentication failure; logname=thican uid=1000 euid=1000 tty=:0 ruser= rhost=  user=thican
unix_chkpwd[31917]: check pass; user unknown
```

And when I also tested with KDE’s:
```
unix_chkpwd[2817]: check pass; user unknown
unix_chkpwd[2817]: password check failed for user (thican)
kscreenlocker_greet[2786]: pam_unix(kde:auth): authentication failure; logname=thican uid=1000 euid=1000 tty= ruser= rhost=  user=thican
```

Here the related emerge logs about those packages, and for pam below.
As you might notice, I retried yesterday with previous sys-apps/util-linux and sys-libs/pam to see if I can reproduce.
```
% qlop --verbose --date '3 month ago' $(qfile /etc/pam.d/ | cut -d ':' -f 1 -) 
2024-12-04T21:39:00 >>> kde-plasma/kscreenlocker-6.2.4: 2′02″
2024-12-05T20:17:01 >>> sys-apps/openrc-0.55.1: 30s
2024-12-24T10:31:16 >>> sys-auth/polkit-123-r1: 14s
2024-12-24T10:35:05 >>> sys-auth/polkit-123-r1: 14s
2024-12-27T18:37:05 >>> kde-plasma/kscreenlocker-6.2.4: 18′17″
2025-01-22T18:24:03 >>> sys-apps/kbd-2.7.1: 20s
2025-01-26T17:02:04 >>> kde-plasma/kscreenlocker-6.2.5: 8′09″
2025-01-30T18:56:12 >>> net-misc/openssh-9.9_p1: 1′00″
2025-02-01T20:34:40 >>> net-misc/dropbear-2024.86-r1: 42s
2025-02-19T04:36:48 >>> net-misc/openssh-9.9_p2: 55s
2025-02-21T18:33:49 >>> kde-plasma/kscreenlocker-6.2.5: 18′28″
2025-02-23T20:58:06 >>> sys-apps/util-linux-2.40.4: 1′25″
2025-02-26T00:14:37 >>> sys-apps/util-linux-2.40.2: 1′25″

% qlop --verbose sys-libs/pam | tail -n 3 -
2024-07-17T12:51:50 >>> sys-libs/pam-1.6.1: 1′18″
2025-02-23T20:57:36 >>> sys-libs/pam-1.7.0_p20241230-r3: 30s
2025-02-25T23:21:00 >>> sys-libs/pam-1.6.1: 1′25″
```

I am unable to reproduce, unfortunately for me, and I don’t see which file might have been fixed recently.

The last entry about unix_chkpwd and its error was February 22nd, I don’t see any update fixing this issue except sys-libs/pam-1.7.0_p20241230-r3 February 23rd.