Since upgrading to the latest pam/pambase, pam is returning the wrong status code for unsuccessfully logging in/unlocking existing sessions. This manifests in programs using different error messages. For example, Gnome/MATE screensaver will return "Not permitted to gain access at this time" instead of "Incorrect password". https://github.com/mate-desktop/mate-screensaver/blob/master/src/gs-auth-pam.c#L470 Reproducible: Always Steps to Reproduce: 1. upgrade to latest stable pam and pambase 2. screw up entering your password 3. Actual Results: PERM_DENIED Expected Results: AUTH_ERROR chris@gazelle ~ $ equery l pam * Searching for pam ... [IP-] [ ] sys-libs/pam-1.4.0_p20200829:0 chris@gazelle ~ $ equery l pambase * Searching for pambase ... [IP-] [ ] sys-auth/pambase-20201028.1:0
This has nothing to do with pam itself, rather with software using pam.
Care to explain? It worked just fine before you guys updated things...
More issues with this... Rebooted my laptop for a kernel upgrade, mistyped my password logging into slim, and the screen blacked out and wouldn't give me another login prompt. Had to kill -9 both X and slim. slim: pam_authenticate(): Permission denied I tried filing a bug with mate-screensaver but it didn't go anywhere. I have a hard time believing that every package that uses pam uses it wrong.
Please reopen the bug if you only have something more acceptable which can be analyzed. Currently it is a guess game which does not reveal anything in regards with pam itself.
I've been dealing with this on 5 systems for the past 2 weeks. I'm going to just comment out faillock and leave it commented out since that restores the correct behaviour. Whenever someone decides to fix this, you know where the problem lies.
USE=debug on pambase and syslog may help? I just don't understand why you're hitting this and nobody else is. emerge -pvO pam pambase?
Hello. Same problem. My system. Linux 5.4.80-gentoo-r1 x86_64 [ebuild R ] sys-libs/pam-1.5.1::gentoo USE="berkdb filecaps pie (split-usr) -audit -debug -nis (-selinux)" 0 KiB [ebuild R ] sys-auth/pambase-20201103::gentoo USE="elogind nullok passwdqc sha512 -caps -debug -gnome-keyring -minimal -mktemp -pam_krb5 -pam_ssh -pwhistory -pwquality -securetty (-selinux) -systemd" 0 KiB [ebuild R ] x11-misc/slim-1.3.6-r5::gentoo USE="pam -branding" 0 KiB