Hello,
I am using Arch Linux 6.12.8 and was trying to implement fingerprint unlocking without success on sddm, sudo and hyprlock. I might have edited a file too many, probably sddm itself, meaning I can't log in through the graphical display or through tty anymore. Before rebooting, I had no issue with sudo or other permissions inside the system, meaning the problem seems to be localized entirely in the sddm portion of it. I have since deleted the fingerprint validation since it was not working and preventing me from logging in on sddm altogether through Live CD. This, however, did not solve the issue. It is recognizing the login itself because with a wrong password it yields "Login incorrect" but with the correct one it gives "Authentication Failure". I have checked the sddm page but found no particular mention of this issue.
These are my sddm.conf and sddm files, located in /etc/pam.d and /etc/sddm.conf.d respectively:
[Autologin]
# Whether sddm should automatically log back into sessions when they exit
#Relogin=false
# Name of session file for autologin session
#Session=
# Username for autologin session
User=
[General]
# Enable Qt's automatic high-DPI scaling
#EnableHiDPI=false
# Halt command
#HaltCommand=/usr/bin/systemctl poweroff
# Initial NumLock state. Can be on, off or none.
# If property is set to none, numlock won't be changed
# NOTE: Currently ignored if autologin is enabled.
#Numlock=none
# Reboot command
#RebootCommand=/usr/bin/systemctl reboot
# Control x11/wayland startup
# DisplayServer=wayland
[Theme]
# Current theme name
# Current=01-breeze-fedora
Current=sequoia
# Cursor theme used in the greeter
#CursorTheme=
# Number of users to use as threshold
# above which avatars are disabled
# unless explicitly enabled with EnableAvatars
#DisableAvatarsThreshold=7
# Enable display of custom user avatars
#EnableAvatars=true
# Global directory for user avatars
# The files should be named <username>.face.icon
#FacesDir=/usr/share/sddm/faces
# Theme directory path
# ThemeDir=/usr/share/sddm/themes
[Users]
# Default $PATH for logged in users
#DefaultPath=/usr/local/bin:/usr/bin:/bin
# Comma-separated list of shells.
# Users with these shells as their default won't be listed
#HideShells=
# Comma-separated list of users that should not be listed
#HideUsers=
# Maximum user id for displayed users
#MaximumUid=60000
# Minimum user id for displayed users
#MinimumUid=1000
# Remember the session of the last successfully logged in user
#RememberLastSession=true
# Remember the last successfully logged in user
#RememberLastUser=true
[Wayland]
# Path to a script to execute when starting the desktop session
#SessionCommand=/etc/sddm/wayland-session
# Directory containing available Wayland sessions
#SessionDir=/usr/share/wayland-sessions
# Path to the user session log file
#SessionLogFile=.cache/wayland-errors
[X11]
# Path to a script to execute when starting the display server
#DisplayCommand=/etc/sddm/Xsetup
# Path to a script to execute when stopping the display server
#DisplayStopCommand=/etc/sddm/Xstop
# The lowest virtual terminal number that will be used.
#MinimumVT=1
# Arguments passed to the X server invocation
#ServerArguments=-nolisten tcp
# Path to X server binary
#ServerPath=/usr/bin/X
# Path to a script to execute when starting the desktop session
#SessionCommand=/etc/X11/xinit/Xsession
# Directory containing available X sessions
#SessionDir=/usr/share/xsessions
# Path to the user session log file
#SessionLogFile=.cache/xsession-errors
# Path to the Xauthority file
#UserAuthFile=.Xauthority
# Path to xauth binary
#XauthPath=/usr/bin/xauth
# Path to Xephyr binary
#XephyrPath=/usr/bin/Xephyr
#%PAM-1.0
auth include system-login
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-login
password include system-login
-password optional pam_gnome_keyring.so use_authtok
session optional pam_keyinit.so force revoke
session include system-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
If someone has any idea what the issue might be or can point me in the right direction to correct it, I would appreciate it.
Best regards,
SD
Edit:
Update - it was solved via chrooting through live CD, deleting system-login, system-local-login and system-auth and reinstalling pambase, which created new files
Last edited by SD (2025-01-06 08:27:50)
Offline
UPDATE:
I managed to chroot, disabled and enabled sddm and also added another user to check the issue. Neither graphical nor tty works still but it still gives the "Authentication Failure" when I input the correct password. I also updated, did pacman -Syu and also updated BIOS and fingerprint firmware through live CD on Lubuntu. Given that no new user is accepted either and goes beyond just the graphical display or any possible messed up update, I believe that the issue might actually be in another file in pam.d, namely system-login, given that sddm itself asks for it. In my pam.d I have these files: astal-auth, chfn, chpasswd, chsh, crond, greetd, groupmems, hyprlock, login, newusers, other, passwd, remote, runuser, runuser-l, sddm, sddm-autologin, sshd, sshd-shadowutils, su, su-l, sudo, system-auth, system-auth-ac, system-local-login, system-login, system-login-ac, system-remote-login, system-services, systemd-user and vlock. Given that sddm calls on system-login and sddm-autologin on system-local-login, here are the inputs of those 2 files, that I think may be causing issues for the login process itself, on sddm.
system-local-login
#%PAM-1.0
auth required pam_unix.so
auth include system-login
account include system-login
password include system-login
session include system-login
system-login
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
session [default=1] pam_lastlog.so nowtmp showfailed
session optional pam_lastlog.so silent noupdate showfailed
Offline
First let's see what critical files you've altered
pacman -Qkk pam pambase sddm
Explicitly re-installing those packages and replacing the local altered configs w/ the .pacnew ones will likely restore functional behavior, but if that's your entire system-login, it's broken.
(where's the auth, account and password stuff?)
What is "authconfig"?
https://aur.archlinux.org/packages/authconfig ???
Offline
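An added example, not part of the thread: a check for the defect pointed out in the post above, a system-login that supplies only session lines. The function names, the "at least one non-optional module per group" heuristic and the temporary sample directory are assumptions of this example; the sample files are constructed from the files posted earlier in the thread.

```shell
#!/bin/sh
# Added example: report PAM management groups for which SERVICE reaches no
# non-optional module (heuristic for a gutted stack). Names are hypothetical.
pam_missing_types() {   # usage: pam_missing_types DIR SERVICE
    awk -v dir="$1" -v svc="$2" '
    # 1 if FILE, following include/substack, has a non-optional TYPE module.
    # Lines are buffered first so recursion never shares an open file.
    function has_module(file, type, depth,    path, lines, n, i, f, line) {
        if (depth > 8) return 0                # include-loop guard
        path = dir "/" file; n = 0
        while ((getline line < path) > 0) lines[++n] = line
        close(path)
        for (i = 1; i <= n; i++) {
            sub(/#.*/, "", lines[i])           # drop comments and #%PAM-1.0
            if (split(lines[i], f) < 3) continue
            sub(/^-/, "", f[1])                # "-auth": module may be absent
            if (f[1] != type) continue
            if (f[2] == "include" || f[2] == "substack") {
                if (has_module(f[3], type, depth + 1)) return 1
            } else if (f[2] != "optional") return 1
        }
        return 0
    }
    BEGIN {
        split("auth account password session", types, " ")
        for (t = 1; t <= 4; t++)
            if (!has_module(svc, types[t], 0))
                out = out (out == "" ? "" : " ") types[t]
        print out
    }'
}

# Constructed sample: sddm (abridged) and system-login as posted in the thread.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '#%PAM-1.0' 'auth include system-login' \
        '-auth optional pam_gnome_keyring.so' 'account include system-login' \
        'password include system-login' 'session include system-login' >"$d/sddm"
    printf '%s\n' '#%PAM-1.0' \
        'session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet' \
        'session [default=1] pam_lastlog.so nowtmp showfailed' \
        'session optional pam_lastlog.so silent noupdate showfailed' >"$d/system-login"
    echo "$d"
}

sample=$(make_sample)
echo "sddm stack lacks: $(pam_missing_types "$sample" sddm)"
rm -r "$sample"
```

Pointing the first argument at the pam.d directory of a mounted root lets the same check run from a live environment before rebooting.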
sddm is in /etc/pam.d, sddm.conf is in /etc/sddm.conf.d
I don't see any pambase folder or file. I'm trying to compare it to a roll-back from snapper that I seem to have from a few days ago, and sddm.conf seems the same but system-login is not at all, and I have 2 more files, namely sshd-shadowutils and system-login-ac. Might they be causing troubles? As for restoring a snapshot, I'm not sure how to do that and am worried it might just wipe it all, that's why I'm just using it to compare.
So from what I understand, I should chroot through live CD on arch install (currently using Lubuntu, for easier graphical comparison), do authconfig in order to reinstall/restore all 3 packages you mentioned?
Offline
No you reinstall those packages, which will generate .pacnew files containing the package defaults and you replace the corresponding files with their (now correct) .pacnew files as they come from the packages.
You should also post the output of that command, it will show which files you've altered.
Last edited by V1del (2025-01-05 17:26:42)
Offline
OK, I think I get the gist of it. But to do pacman, I need to be chrooted with an Arch Linux live CD, right?
Offline
yes, assuming you cannot actually login anymore on the real system with whatever your changes were no?
Last edited by V1del (2025-01-05 19:46:00)
Offline
Yes, that's it. I just chrooted and here's the output of the command
pacman -Qkk pam pambase sddm
:
backup file: pam: /etc/security/faillock.conf (Modification time mismatch)
backup file: pam: /etc/security/faillock.conf (SHA256 checksum mismatch)
pam: 605 total files, 0 altered files
warning: pambase: /etc/pam.d/system-auth (File type mismatch)
backup file: pambase: /etc/pam.d/system-local-login (Modification time mismatch)
backup file: pambase: /etc/pam.d/system-local-login (Size mismatch)
backup file: pambase: /etc/pam.d/system-local-login (SHA256 checksum mismatch)
warning: pambase: /etc/pam.d/system-login (File type mismatch)
pambase: 8 total files, 2 altered files
backup file: sddm: /etc/pam.d/sddm (Modification time mismatch)
sddm: 251 total files, 0 altered files
What I gather from these results is that I changed something on system-local-login and system-login and that is causing the issue and not being able to login, is that it? So now, do the authconfig to substitute the files I changed into the defaults?
Offline
that is causing the issue and not being able to login
Yes.
do the authconfig to substitute the files I changed into the defaults?
Idk what that tool is, but don't run it again.
Reinstall pambase and restore /etc/pam.d/system-local-login /etc/pam.d/system-login and /etc/pam.d/system-auth and probably from the *.pacnew files that leaves behind.
Also possibly reinstall sddm and file /etc/pam.d/sddm likewise.
Then see https://wiki.archlinux.org/title/Fprint … figuration and if you struggle w/ that, open a new thread about configuring your fingerprint pam.
Do NOT! run random stuff to configure pam and every time playing w/ the pam config it's a very good idea to keep a root shell on a different TTY open to be able to apply fixes.
Offline
reinstall, doing a simple
pacman -S pambase
from the chroot? Then access the files it generates and substitute them on the folder?
As for the fingerprint, gonna leave that alone for now, really not worth these issues.
I think I misunderstood what you meant. You were asking about authconfig and showed me that link. I hadn't realized you were just asking what it was. I did not install any authconfig at any point, I am just asking about the .pacnew files? I suppose just reinstalling pambase and sddm will be enough, right?
Last edited by SD (2025-01-05 22:10:41)
Offline
I did a reinstall of pambase and sddm using the pacman -S command but I can't find any *.pacnew files it generated anywhere. None from etc/pam, only from mirrorlist.pacnew
Last edited by SD (2025-01-05 22:54:30)
Offline
ls /etc/pam.d/*pacnew
pacman -Qikk pambase
Offline
No, that first command only yields
ls: cannot access '/etc/pam.d/*pacnew' : No such file or directory
and the second only the description for pambase and the same thing as before, 8 total files, 2 altered files
Offline
Remove /etc/pam.d/system-local-login /etc/pam.d/system-login and /etc/pam.d/system-auth and re-install pambase.
Offline
OK did just that, confirmed I removed the files and when I ran
pacman -S pambase
it installed those 3 files again even though it output a warning that it could not get file information for each of them. To my understanding, that ought to have fixed the problem and I now should be able to login normally, is that right?
Offline
I ran
pacman -Qkk pam pambase sddm
again and now says 0 altered files in each of them but also
backup file: pam: /etc/security/faillock.conf (Modification time mismatch)
backup file: pam: /etc/security/faillock.conf (SHA256 checksum mismatch)
Last edited by SD (2025-01-05 23:19:43)
Offline
It worked and I have managed to log in. Everything else seems to be working well. Thank you for the help! Shall I edit the title as [SOLVED] now?
Offline
You should, and instead of running random tools of questionable origin, should you attempt to redo the fingerprint support, please read the wiki first and make a thread about any uncertainties as they arise before hosing your login.
Offline
I never actually did run authconfig, it was just a miscommunication issue. I did read the wiki, guess I was just too careless with the prompts and what files to change. In that aspect, it was indeed random on my end
Offline
Then what did?
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
Offline
No idea. I assume it was due to me changing a configuration file I should not have and created that instead? That's my only guess
Offline
Do you have authagent installed?
The only other explanation is that you copied that file from some place on the internet?
Offline
No, don't have that package at all and did not copy, I was just changing permissions to enable the fingerprint
Offline