i3 / i3lock

improved screen locker
https://i3wm.org/i3lock
BSD 3-Clause "New" or "Revised" License

Display PAM messages #286

Closed DamienCassou closed 2 years ago

DamienCassou commented 4 years ago

I'm submitting a…

[x] Bug
[ ] Feature Request
[ ] Other (Please describe in detail)

Current Behavior

When I install i3lock from nixpkgs on Debian (or another non-NixOS distribution), after the screen is locked, my password is not accepted.

Expected Behavior

When I type my password, it is accepted.

Reproduction Instructions

  1. install Debian (or another non-NixOS Linux distribution)
  2. install i3lock from nixpkgs
  3. run i3lock
  4. type your password

Expected: my computer being unlocked

Actual: a failed attempt

Others face the same problem: https://gist.github.com/rossabaker/f6e5e89fd7423e1c0730fcd950c0cd33.

Workaround: Install i3lock from Debian instead of Nixpkgs.

If you believe there is nothing for you to fix, I would at least appreciate an error message on the lock screen giving the reason why i3lock is failing.

Environment

Output of i3lock --version:

i3lock version: 2.11.1

kpcyrd commented 4 years ago

I'm not sure if there's anything i3lock can do on systems with a broken PAM setup. Installing Nix in Debian seems to result in a (partially) broken system.

stapelberg commented 4 years ago

We could display PAM messages.

A reason why we aren’t already doing so is because it is not obvious how to implement the visual side of this.

I think a good first start might be to display rectangular boxes with text in them, with line wrapping for long messages. Think smart phone notifications. These could show up above (or below?) the unlock indicator.

DamienCassou commented 4 years ago

On August 30, 2020 10:47:17 AM GMT+02:00, Michael Stapelberg notifications@github.com wrote:

> These could show up above (or below?) the unlock indicator.

Exactly!

-- Damien Cassou

smrqdt commented 4 years ago

I also have another use case for this: Arch Linux recently enabled pam_faillock by default which leads to a temporary 10-minute account lock after 3 failed password attempts (by default). It took me some time to recognize this was the reason i3lock didn’t unlock after typing my password. I only understood after switching to a tty which shows a notice when trying to log in.

It would be very useful if i3lock could show that notice too.

yyy33 commented 2 years ago

> We could display PAM messages.
>
> A reason why we aren’t already doing so is because it is not obvious how to implement the visual side of this.
>
> I think a good first start might be to display rectangular boxes with text in them, with line wrapping for long messages. Think smart phone notifications. These could show up above (or below?) the unlock indicator.

After my Arch system was updated, I could not unlock it normally if I entered the correct password. What information should I provide to rule out this error?

❯ i3lock -v
i3lock: version 2.13.c.4 © 2010 Michael Stapelberg, © 2015 Cassandra Fox, © 2021 Raymond Li

stapelberg commented 2 years ago

Please file a separate issue. Your problem sounds unrelated.

stapelberg commented 2 years ago

I looked at implementing PAM messages (see https://github.com/i3/i3lock/issues/217 for an update), but it turns out that for this particular mis-configuration, PAM just logs an error to syslog and does not return a PAM message via its API.

I’m closing this issue because implementing support for PAM messages doesn’t help with this issue. If you’re interested in better PAM support for other reasons, follow https://github.com/i3/i3lock/issues/217
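
An added example, not part of the thread and not i3lock's code: a PAM conversation callback in C that answers the hidden password prompt and keeps any `PAM_ERROR_MSG` / `PAM_TEXT_INFO` text a module sends, which is what a locker would need in order to display notices such as the pam_faillock one mentioned above. `struct lock_conv`, `collect_conv` and the message strings are hypothetical names and constructed values; the fallback definitions only let the file build where the libpam headers are missing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if __has_include(<security/pam_appl.h>)
#include <security/pam_appl.h>
#else /* no libpam headers installed: the same definitions with Linux-PAM's values */
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
enum { PAM_SUCCESS = 0, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1, PAM_ERROR_MSG = 3, PAM_TEXT_INFO = 4 };
#endif
#define MAX_NOTICES 4
struct lock_conv {                  /* hypothetical appdata_ptr payload, not an i3lock struct */
    const char *password;           /* what the user typed */
    int n_notices;                  /* module messages captured so far */
    char notices[MAX_NOTICES][256]; /* text a locker could draw on screen */
};
/* Conversation callback: answer the hidden prompt, keep error/info messages. */
static int collect_conv(int num_msg, const struct pam_message **msg,
                        struct pam_response **resp, void *appdata_ptr) {
    struct lock_conv *lc = appdata_ptr;
    if (num_msg <= 0 || lc == NULL || lc->password == NULL) return PAM_CONV_ERR;
    struct pam_response *out = calloc((size_t)num_msg, sizeof(*out));
    if (out == NULL) return PAM_CONV_ERR;
    for (int i = 0; i < num_msg; i++) {
        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF) {
            if ((out[i].resp = malloc(strlen(lc->password) + 1)) == NULL) goto fail;
            strcpy(out[i].resp, lc->password); /* libpam frees this copy */
        } else if (msg[i]->msg_style == PAM_ERROR_MSG || msg[i]->msg_style == PAM_TEXT_INFO) {
            if (lc->n_notices < MAX_NOTICES && msg[i]->msg != NULL)
                snprintf(lc->notices[lc->n_notices++], sizeof lc->notices[0], "%s", msg[i]->msg);
        } else goto fail; /* e.g. PAM_PROMPT_ECHO_ON: nothing sensible to answer */
    }
    *resp = out;
    return PAM_SUCCESS;
fail:
    for (int i = 0; i < num_msg; i++) free(out[i].resp);
    free(out);
    return PAM_CONV_ERR;
}
int main(void) { /* constructed messages, not real pam_faillock output */
    struct pam_message info = { PAM_TEXT_INFO, "Account temporarily locked" };
    struct pam_message ask = { PAM_PROMPT_ECHO_OFF, "Password: " };
    const struct pam_message *msgs[] = { &info, &ask };
    struct lock_conv lc = { .password = "constructed-pw" };
    struct pam_response *r = NULL;
    if (collect_conv(2, msgs, &r, &lc) != PAM_SUCCESS) return 1;
    printf("notice to display: %s\n", lc.notices[0]);
    free(r[1].resp); free(r);
    return 0;
}
```

A failure that PAM only writes to syslog, as described in the final comment, never reaches this callback, so `n_notices` stays 0 in that case.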