quoing
commented
1 year ago I got the same issue today. My account was locked even I didn't type password and (probably) swaylock screen was red without possibility to unlock sway.
Closed root2185 closed 1 year ago
quoing
commented
1 year ago I got the same issue today. My account was locked even I didn't type password and (probably) swaylock screen was red without possibility to unlock sway.
kennylevinsen
commented
1 year ago This is within your PAM stack (/etc/pam.d/swaylock). If the PAM stack does not want to let you in, then nothing swaylock can do about it.
One possible cause is having the pam_faillock module in the swaylock PAM stack. The default configuration of pam_faillock will stop you from logging in for 10 minutes if you have typed your password wrong 3 times in the last 15 minutes - and this counts anywhere it is loaded, so if you e.g. mess up sudo, then lock your screen, then you have to wait 10 minutes to try to unlock it.
Go through the PAM stack and make sure it is configured the way you'd like. Remember to follow the includes to figure out what it contains.
[..] so I killed it from a tty [..] When I switched back to the GUI there was the red background with the pointer and I had to restart Sway.
This is by design, if a lock screen dies sway remains in a locked state. The only way to unlock sway is to have a lock screen unlock. You can start a new lock screen if the initial swaylock had broken though.
root2185
commented
1 year ago I have default pam files.
/etc/pam.d/swaylock:
#
# PAM configuration file for the swaylock screen locker. By default, it includes
# the 'login' configuration file (see /etc/pam.d/login)
#
auth include login/etc/pam.d/login:
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
password include system-local-loginI didn't type the wrong password before.
donob4n
commented
1 year ago Paste also '/etc/pam.d/system-local-login'
[..] so I killed it from a tty [..] When I switched back to the GUI there was the red background with the pointer and I had to restart Sway.
Try sending a 'SIGUSR1' instead, for test you can do a: "sleep 30 & pkill -USR1 swaylock" before running swaylock and you will be auto unlocked after 30s.
root2185
commented
1 year ago /etc/pam.d/system-local-login:
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-loginUsing -USR1 successfully kills swaylock.
(You need to use && after sleep 30).
donob4n
commented
1 year ago Wops, so paste also/etc/pam.d/system-login, the only cause of failure that I see is that you could running your desktop as root, but is not the case right?
root2185
commented
1 year ago /etc/pam.d/system-login:
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
-session optional pam_elogind.so
session required pam_env.so user_readenv=1
-session optional pam_rundir.soIs a problem if you run it as root? On another distro it worked as root.
donob4n
commented
1 year ago Well, if it's a really "a problem" depends on many things but it explains why pam fails to unlock:
/etc/pam.d/login:
%PAM-1.0
auth required pam_securetty.so
This module only allows 'root' login from secure tty's, so if you want that this works just comment or remove that line.
root2185
commented
1 year ago I see thanks, that works indeed.
I typed the right password a few times it stated that it is wrong, so I killed it from a tty:
When I switched back to the GUI there was the red background with the pointer and I had to restart Sway.