Title: User Account Temporarily Locked Due to Rapid Faillock Offenses Upon Logout
Hello Arch Linux Community,
I'm encountering an issue where a user is unable to log back into their account the next morning because their account is temporarily locked (`faillock`). Notably, all `faillock` offenses occurred within less than a second around the time the user logged off.
Here are the details:
Description:
- A user logs out of their session.
- The following morning, the user attempts to log in but finds their account temporarily locked.
- Investigation shows that all `faillock` offenses happened almost simultaneously at the time of logout.
Symptoms:
- Unable to log in due to `faillock` restrictions.
- Multiple failed login attempts recorded within a very short timeframe coinciding with logout time.
Logs:
Below are the relevant log entries captured at the exact moment the `faillock` was triggered:
Dec 5 17:11:55 hostname systemd[1371763]: Stopping D-Bus User Message Bus...
Dec 5 17:11:55 hostname gvfsd[517833]: A connection to the bus can't be made
Dec 5 17:11:55 hostname gvfsd[1262543]: A connection to the bus can't be made
Dec 5 17:11:55 hostname gvfsd[1262197]: A connection to the bus can't be made
Dec 5 17:11:55 hostname gvfsd[914854]: A connection to the bus can't be made
Dec 5 17:11:55 hostname gdm-password][511930]: pam_unix(gdm-password:session): session closed for user bob
Dec 5 17:11:55 hostname systemd[1371763]: xdg-permission-store.service: Main process exited, code=exited, status=1/FAILURE
Dec 5 17:11:55 hostname gdm-password][511930]: pam_unix(gdm-password:session): session closed for user bob
Dec 5 17:11:55 hostname systemd[1371763]: xdg-permission-store.service: Failed with result 'exit-code'.
Dec 5 17:11:55 hostname systemd[1]: run-user-20443-gvfs.mount: Succeeded.
Dec 5 17:11:55 hostname systemd[1371763]: Stopped D-Bus User Message Bus.
Dec 5 17:11:55 hostname systemd[1371763]: Started D-Bus User Message Bus.
Dec 5 17:11:55 hostname systemd[1]: run-user-20443-doc.mount: Succeeded.
Dec 5 17:11:55 hostname polkitd[1501]: Unregistered Authentication Agent for unix-session:796 (system bus name :1.28430, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 5 17:11:55 hostname polkitd[1501]: Unregistered Authentication Agent for unix-session:796 (system bus name :1.28430, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 5 17:11:55 hostname tracker-store[519282]: Received signal:15->'Terminated'
Dec 5 17:11:55 hostname tracker-store[519282]: OK
Dec 5 17:11:55 hostname systemd[1371763]: xdg-document-portal.service: Main process exited, code=exited, status=20/n/a
Dec 5 17:11:55 hostname systemd[1371763]: xdg-document-portal.service: Failed with result 'exit-code'.
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174029]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174029]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname systemd-logind[6444]: Session 796 logged out. Waiting for processes to exit.
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][4174029]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][4174029]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname systemd[1]: Created slice User Slice of UID 42.
Dec 5 17:11:55 hostname systemd[1]: Starting User runtime directory /run/user/42...
Dec 5 17:11:55 hostname systemd-logind[6444]: New session c748 of user gdm.
Dec 5 17:11:55 hostname systemd[1]: Started User runtime directory /run/user/42.
Dec 5 17:11:55 hostname systemd[1]: Starting User Manager for UID 42...
Dec 5 17:11:55 hostname systemd[738282]: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)
Dec 5 17:11:55 hostname systemd[738282]: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][3298505]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][3256756]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][3256756]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174001]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][4174001]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][816239]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][816239]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_duo(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_faillock(gdm-password:auth): Consecutive login failures for user bob account temporarily locked
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_faillock(gdm-password:auth): Consecutive login failures for user bob account temporarily locked
Dec 5 17:11:55 hostname gdm-password][3908185]: gkr-pam: no password is available for user
Dec 5 17:11:55 hostname gdm-password][3908185]: gkr-pam: no password is available for user
Last edited by MachineMonkeys (2024-12-06 20:04:03)
The obvious contender seems pam_duo? (fringeness factor)
Otherwise:
> Below are the relevant log entries captured at the exact moment the `faillock` was triggered:
How about "all" log entries?
sudo journalctl -b | curl -F 'file=@-' 0x0.st
Also what does /etc/pam.d/gdm-password look like? Any gkr-related manipulations?
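An added example, not part of either post: one way to summarise the quoted log by grouping `gdm-password` auth failures per second and per PID, so that a burst from several distinct processes (six PIDs at 17:11:55 in the excerpt) stands out from sequential wrong-password attempts. The sample embeds a subset of the quoted lines plus one constructed later failure; `min_pids=3` is an assumption matching pam_faillock's default `deny=3`.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines quoted in the thread, plus one
# made-up failure at 17:20:03 to contrast with the burst.
SAMPLE = """\
Dec 5 17:11:55 hostname gdm-password][511930]: pam_unix(gdm-password:session): session closed for user bob
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3298505]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174001]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][4174029]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][3256756]: pam_unix(gdm-password:auth): conversation failed
Dec 5 17:11:55 hostname gdm-password][816239]: pam_unix(gdm-password:auth): auth could not identify password for [bob]
Dec 5 17:11:55 hostname gdm-password][3908185]: pam_faillock(gdm-password:auth): Consecutive login failures for user bob account temporarily locked
Dec 5 17:20:03 hostname gdm-password][4200000]: pam_unix(gdm-password:auth): conversation failed
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ gdm-password\]?\[(\d+)\]: "
                  r"(pam_\w+)\(gdm-password:(\w+)\): (.*)$")

def summarize(text):
    """Group gdm-password PAM events by syslog timestamp (one-second buckets)."""
    buckets = defaultdict(lambda: {"pids": set(), "closed": False, "locked": False})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # e.g. gkr-pam or systemd lines
        ts, pid, module, phase, msg = m.groups()
        b = buckets[ts]
        if phase == "session" and msg.startswith("session closed"):
            b["closed"] = True
        elif module == "pam_faillock" and "temporarily locked" in msg:
            b["locked"] = True
        elif phase == "auth" and "conversation failed" in msg:
            b["pids"].add(pid)  # count each failing process once
    return buckets

def bursts(text, min_pids=3):
    """Seconds in which >= min_pids distinct gdm-password processes failed auth.
    min_pids=3 is an assumption chosen to match pam_faillock's default deny=3."""
    return [(ts, len(b["pids"]), b["closed"], b["locked"])
            for ts, b in summarize(text).items() if len(b["pids"]) >= min_pids]

if __name__ == "__main__":
    for ts, n, closed, locked in bursts(SAMPLE):
        print(f"{ts}: {n} distinct gdm-password PIDs failed auth; "
              f"session closed={closed}, faillock lockout={locked}")
```
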