Arch Linux

smaTc

Member

Registered: 2021-04-08

Posts: 2

Cinnamon-Screensaver not accepting password after display turn-off

Hello everyone,
I got a very weird problem recently.
When the cinnamon-screensaver locks and the display turn-off was triggered, my password won't be accepted by the screensaver anymore and the account is locked immediately for 10 minutes. Does anyone have any clue what could cause this? I never had this issue and only found some posts about this problem on Ubuntu with some permission problems.
If I trigger the screensaver manually or enter the password before the screen is turned-off the password is accepted. Any clues or ideas how I can find the source of the problem?

Thanks

extropian

Member

Registered: 2022-08-24

Posts: 2

Website

Re: Cinnamon-Screensaver not accepting password after display turn-off

Just came here to confirm that I'm having a similar issue and it only recently started to happen.

A couple notes to add regarding what I'm experiencing to help narrow down our issue:
- My drive is encrypted via LUKS
- It doesn't happen right away. I can manually lock it, and it will accept my password just fine. When I return to the machine after it's been left on overnight is when I experience the issue.
- I noticed that the on-screen keyboard on the lockscreen does not correctly layout a US-keyboard. The letter's "Y" and "Z" are swapped. Regardless, if I type my password via my own keyboard or the onscreen keyboard with the swapped letters, the password is rejected.

I'm running cinnamon 5.4.9-1 and lightdm 1:1.32.0-1. Also running Linux 5.19.3-arch1-1.

---

chuck.is

spsf64

Member

From: FL, US or SP, BR

Registered: 2012-05-18

Posts: 102

Website

Re: Cinnamon-Screensaver not accepting password after display turn-off

Many cinnamon packages are flagged "out-of-date" as of today, including cinnamon itself (now 5.4.11) and cinnamon-screensaver (now 5.4.4).
I updated/created all packages myself and don't have any errors. Maybe wait for updated packages or report problem to cinnamon developers.

---

Sergio S.

t3pfaffe

Member

Registered: 2022-11-01

Posts: 1

Re: Cinnamon-Screensaver not accepting password after display turn-off

I am still encountering this issue on cinnamon-screensaver 5.4.4. Any solutions to this yet?

seth

Member

Registered: 2012-09-03

Posts: 58,669

Re: Cinnamon-Screensaver not accepting password after display turn-off

1. open a root shell on a different TTY (in case you lock yourself out)
2. in /etc/pam.d/system-auth, comment (prepend "#" at the beginning of the line) *every* single line that has "pam_systemd_home.so" in it (and save the file)
3. lock the system w/ cinnabun-screensweetener and see whether you can unlock
4. if not, close the locker w/ "DISPLAY=:0 cinnamon-screensaver-command -d" from your root shell (you may have to sudo into your regular user, but do NOT close the root shell) and test whether you can still login on yet another TTY or "sudo -i" in a  VTE or whatever, just make sure that you didn't accidentally break pam (if you just commented homed correctly, that's not gonna happen)

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

extropian

Member

Registered: 2022-08-24

Posts: 2

Website

Re: Cinnamon-Screensaver not accepting password after display turn-off

I am still encountering this issue on cinnamon-screensaver 5.4.4. Any solutions to this yet?

I have not found a solution (other than switching desktop environments entirely which is what I ended up doing) but wanted to add more notes on the issue. I posted a thread in the Linux Mint forum, but it hasn't been very helpful.

After dealing with this issue for several weeks, I realized that tapping ESC a couple times on the lockscreen will automatically lock me out for 10 minutes. A message indicating that it's locked is displayed for a fraction of a second and I hadn't noticed it before. It seems to be effecting Arch and Arch based distros because my girlfriend was on Manjaro using the Cinnamon Desktop community edition and was having the same exact issue. I don't think that hitting ESC a few times is the only thing that triggers the 10 minute lockout, but it was something I was able to replicate.

---

chuck.is

xolider

Member

Registered: 2024-08-21

Posts: 4

Re: Cinnamon-Screensaver not accepting password after display turn-off

I am still encountering this issue on cinnamon-screensaver 5.4.4. Any solutions to this yet?

Hello !
I know this post is old, but still had the issue with cinnamon-screensaver 6.2.0. I found a solution to fix it.

It seems this issue is related to the cinnamon-screensaver PAM configuration. I fixed it by analyzing the LightDM PAM configuration.

1. open the /etc/pam.d/cinnamon-screensaver file
2. replace all "system-auth" occurences by "system-login"
3. close the file and reboot.

Now your password should be accepted

seth

Member

Registered: 2012-09-03

Posts: 58,669

Re: Cinnamon-Screensaver not accepting password after display turn-off

system-login should effectively simply include system-auth (next to some optional and transactional stuff)
What do those files look like on your system (incl. the cinnamon-screensaver one) and how did you get there "by analyzing the LightDM PAM"?
You're not logging in from your screen locker, hence all the login-specifc stuff should™ not be required

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

xolider

Member

Registered: 2024-08-21

Posts: 4

Re: Cinnamon-Screensaver not accepting password after display turn-off

system-login should effectively simply include system-auth (next to some optional and transactional stuff)
What do those files look like on your system (incl. the cinnamon-screensaver one) and how did you get there "by analyzing the LightDM PAM"?
You're not logging in from your screen locker, hence all the login-specifc stuff should™ not be required

Here is the /etc/pam.d/cinnamon-screensaver

#%PAM-1.0

# Fedora & Arch
-auth      sufficient   pam_selinux_permit.so
auth       include      system-login
-auth       optional     pam_gnome_keyring.so
account    include      system-login
password   include      system-login
session    include      system-login

# SuSE/Novell
#auth       include      common-auth
#auth       optional     pam_gnome_keyring.so
#account    include      common-account
#password   include      common-password
#session    include      common-session

in the Fedora & Arch section, the "system-login" was "system-auth". I changed these lines to match the LightDM configuration which are the same.

seth

Member

Registered: 2012-09-03

Posts: 58,669

Re: Cinnamon-Screensaver not accepting password after display turn-off

Ok, but what do system-login and system-auth look on your system?
Again: the screensaver isn't supposed to log you in and for the most part system-login just includes system-auth, so the change should™ be completely idempotent.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

xolider

Member

Registered: 2024-08-21

Posts: 4

Re: Cinnamon-Screensaver not accepting password after display turn-off

Ok, but what do system-login and system-auth look on your system?
Again: the screensaver isn't supposed to log you in and for the most part system-login just includes system-auth, so the change should™ be completely idempotent.

/etc/pam.d/system-login

#%PAM-1.0

auth       required   pam_shells.so
auth       requisite  pam_nologin.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   include    system-auth

session    optional   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
session    include    system-auth
session    optional   pam_motd.so
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
session    optional   pam_umask.so
-session   optional   pam_systemd.so
session    required   pam_env.so

/etc/pam.d/system-auth

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth      [success=2 default=ignore]  pam_systemd_home.so
auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

-account   [success=1 default=ignore]  pam_systemd_home.so
account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

-session   optional                    pam_systemd_home.so
session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so

To be honest, I do not have enough knowledge in PAM to say what's the difference, and why system-login works and not system-auth.
If you have any idea, let me know so i could produce a config for a working cinnamon-screensaver

seth

Member

Registered: 2012-09-03

Posts: 58,669

Re: Cinnamon-Screensaver not accepting password after display turn-off

I frankly suspect a fluke, but if not, the only thing maybe might be "session    optional   pam_loginuid.so"?
Revert the change to /etc/pam.d/cinnamon-screensaver and add "session    optional   pam_loginuid.so" above "session    include    system-auth", see whether the screensaver now still works (reliably)

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

xolider

Member

Registered: 2024-08-21

Posts: 4

Re: Cinnamon-Screensaver not accepting password after display turn-off

I frankly suspect a fluke, but if not, the only thing maybe might be "session    optional   pam_loginuid.so"?
Revert the change to /etc/pam.d/cinnamon-screensaver and add "session    optional   pam_loginuid.so" above "session    include    system-auth", see whether the screensaver now still works (reliably)

Hello,
This seems to work.

Here is the final configuration:

#%PAM-1.0

# Fedora & Arch
-auth      sufficient   pam_selinux_permit.so
auth       include      system-auth
-auth       optional     pam_gnome_keyring.so
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    optional     pam_loginuid.so

# SuSE/Novell
#auth       include      common-auth
#auth       optional     pam_gnome_keyring.so
#account    include      common-account
#password   include      common-password
#session    include      common-session

seth

Member

Registered: 2012-09-03

Posts: 58,669

Re: Cinnamon-Screensaver not accepting password after display turn-off

You even put that on the bottm of the stack… can you actually reliably control the screensaver behavior by commenting that line, ie. "# session    optional     pam_loginuid.so" immediately breaks it and "session    optional     pam_loginuid.so" then immediately fixes it?

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc