KDM (version 4.11.14) using default classic greeter has multiples bugs related to changing password using pam_chauthtok and various pam configuration Because KDM development in stopped and sddm does not have enough features yet, I've been forced to write some patches. Using pam_cracklib with retry=3 option : Step to reproduce * add UNIX user foobar * set password for user foobar with passwd * Force foobar's password to expire with chage -d 0 foobar * Try to login with KDM as foobar * KDM tells you have to change password * Click on the "Cancel" button to cancel the password change * Try to do a normal login again Result : * KDM display msgbox relating to the previously cancelled password procedure Expected : * PAM procedure being properly ended and new procedure What happens is that pam_cracklib continues to ask for password after the first PAM_CONV_ERR returned by KDM, the greeter thinks PAM has ended but the core is still in the pam_cracklib loop. Reproductible : always with pam_cracklib retry=3 2nd bug is from https://bugzilla.redhat.com/show_bug.cgi?id=906865 reproduced only in LDAP environment. The fedora analysis is good, seems like in LDAP auth context, the timer which normally resets KDM greeter after 40s inactivity is never stopped. After trying to debug the deadlock, I've resigned myself to patch the greeter to stop the timer when we enter a chauthtok sequence. I've also found this bug : https://bugs.launchpad.net/ubuntu/+source/kde-workspace/+bug/641712 Proposed resolution in kdmrc works for me
Created attachment 438554 [details, diff] patch for the cancel button issue
Created attachment 438556 [details, diff] patch for the timer freeze issue
Plasma 4 removed from tree. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2fa0ea91a6726f62e98e5d8b93937d63dca1a80