Hi everyone,
I am trying to set the "Start charging once below" value in KDE's settings Power Management -> Advanced Power Settings. It asks for my password, but then it does not accept it. I am sure I typed the password correctly.
I am sure in the past I could set this value, and I am sure it was set to 60%, but after some update in the past few months it reset to 100%. I observed it accidentally and now I cannot change the value.
Any idea why the password is not accepted? My password works just fine in any context (login, unlock, terminal, etc.).
Operating System: Arch Linux
KDE Plasma Version: 6.4.5
KDE Frameworks Version: 6.18.0
Qt Version: 6.9.2
Kernel Version: 6.16.7-arch1-1 (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ Ultra 7 258V
Memory: 32 GiB of RAM (30.8 GiB usable)
Graphics Processor: Intel® Graphics
Manufacturer: LENOVO
Product Name: 21NS004QRI
System Version: ThinkPad X1 Carbon Gen 13
Last edited by patkoscsaba (2025-09-16 07:12:35)
Gigabyte Z890 Aorus Master Motherboard | Intel Core Ultra 9 285K | Corsair 128 GB RAM | Seagate 1TB M.2 | Seagate 2TB M.2 | Corsair 2TB M.2 | Intel Battlemage G21 [Arc B580]
Offline
/usr/share/polkit-1/actions/org.kde.powerdevil.chargethresholdhelper.policy
<allow_inactive>no</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
How do you start plasma?
loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS
Offline
Are you sure it's asking for *your* password? It should be asking for the root password AFAIK.
Offline
It asks for an admin authorization, by default members of the wheel group.
https://wiki.archlinux.org/title/Polkit … identities
Speaking of which…
groups
Offline
Right, root only by default but can be others. I just tried it, it specifically tells you the user it's asking to authenticate as.
Offline
Wow. Thank you all for the many replies. I will answer all of you in a single message:
1. /usr/share/polkit-1/actions/org.kde.powerdevil.chargethresholdhelper.policy has the content as in your example
2. I start plasma with sddm systemd service
3.
[csaba@csaba-laptop ~]$ loginctl session-status
echo $DBUS_SESSION_BUS_ADDRESS
2 - csaba (1000)
Since: Mon 2025-09-15 19:03:18 EEST; 52min ago
State: active
Leader: 722 (sddm-helper)
Seat: seat0; vc1
TTY: tty1
Remote: no
Service: sddm
Type: wayland
Class: user
Desktop: KDE
Idle: no
Unit: session-2.scopeh
├─722 /usr/lib/sddm/sddm-helper --socket /tmp/sddm-auth-343e253e-5406-4c5a-8201-e2cccb4b7bed --id 1 --start "/usr/lib/plasma-dbus-run-session-if-ne>
├─767 /usr/bin/ksecretd --pam-login 12 13
└─768 /usr/bin/startplasma-wayland
Sep 15 19:03:19 csaba-laptop systemd[1]: Started Session 2 of User csaba.
Sep 15 19:03:19 csaba-laptop sddm-helper[766]: pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket
Sep 15 19:03:19 csaba-laptop sddm-helper[768]: Jumping to VT 1
Sep 15 19:03:19 csaba-laptop sddm-helper[768]: VT mode didn't need to be fixed
Sep 15 19:03:21 csaba-laptop ksecretd[767]: kf.wallet.ksecretd: Wallet failed to get opened by PAM, error code is -9
unix:path=/run/user/1000/bus
4.
[csaba@csaba-laptop ~]$ echo $DBUS_SESSION_BUS_ADDRESS
unix:path=/run/user/1000/bus
5.
[csaba@csaba-laptop ~]$ groups
csaba wheel
6. When I click apply, it explicitly asks for my user's password
Some additional info. I didn't see this problem in other places where my password is asked.
I also set sudoers to not ask for a password when I do sudo in terminal.
[csaba@csaba-laptop ~]$ cat /etc/passwd | grep csaba
csaba:x:1000:1000:Patkós Csaba:/home/csaba:/usr/bin/bash
[csaba@csaba-laptop ~]$ cat /etc/group | grep csaba
wheel:x:998:csaba
csaba:x:1000:
[csaba@csaba-laptop ~]$ cat /etc/sddm.conf
EnablePAM=true
[csaba@csaba-laptop ~]$ find /etc/pam.d/* | xargs -n 1 cat
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth
#%PAM-1.0
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password required pam_permit.so
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth
#%PAM-1.0
auth include system-local-login
account include system-local-login
password include system-local-login
session include system-local-login
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
-auth required pam_fprintd.so max-tries=10
auth optional pam_permit.so
auth required pam_env.so
account include system-local-login
password required pam_deny.so
session include system-local-login
#%PAM-1.0
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
-auth required pam_pkcs11.so wait_for_card card_only
auth required pam_shells.so
auth optional pam_permit.so
auth required pam_env.so
account include system-local-login
password required pam_deny.so
session include system-local-login
#%PAM-1.0
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
password include system-local-login
#%PAM-1.0
auth sufficient pam_rootok.so
account required pam_permit.so
password include system-auth
#%PAM-1.0
auth required pam_deny.so
auth required pam_warn.so
account required pam_deny.so
account required pam_warn.so
password required pam_deny.so
password required pam_warn.so
session required pam_deny.so
session required pam_warn.so
#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-remote-login
account include system-remote-login
session include system-remote-login
password include system-remote-login
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login
#%PAM-1.0
auth sufficient pam_rootok.so
session include system-login
#%PAM-1.0
# These two lines enable both password and fingerprint authentication for login
auth [success=1 new_authtok_reqd=1 default=ignore] pam_unix.so try_first_pass likeauth nullok nodelay
auth sufficient pam_fprintd.so nodelay max-tries=10
auth include system-login nodelay
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-login
password include system-login
-password optional pam_gnome_keyring.so use_authtok
session optional pam_keyinit.so force revoke
session include system-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
#%PAM-1.0
auth required pam_env.so
auth required pam_faillock.so preauth
auth required pam_shells.so
auth required pam_nologin.so
auth required pam_permit.so
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-local-login
password include system-local-login
session include system-local-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
#%PAM-1.0
# Load environment from /etc/environment and ~/.pam_environment
auth required pam_env.so
# Always let the greeter start without authentication
auth required pam_permit.so
# No action required for account management
account required pam_permit.so
# Can't change password
password required pam_deny.so
# Setup session
session required pam_unix.so
session optional pam_systemd.so
#%PAM-1.0
auth include system-remote-login
account include system-remote-login
password include system-remote-login
session include system-remote-login
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password include system-auth
#%PAM-1.0
auth include system-auth
account include system-auth
session include system-auth
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required pam_wheel.so use_uid
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
password include system-auth
#%PAM-1.0
#auth required pam_faillock.so preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=1 default=bad] pam_unix.so try_first_pass nullok nodelay
#auth [default=die] pam_faillock.so authfail nodelay
auth optional pam_permit.so
auth required pam_env.so
#auth required pam_faillock.so authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.
-account [success=1 default=ignore] pam_systemd_home.so
account required pam_unix.so
account optional pam_permit.so
account required pam_time.so
-password [success=1 default=ignore] pam_systemd_home.so
password required pam_unix.so try_first_pass nullok shadow
password optional pam_permit.so
-session optional pam_systemd_home.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
account required pam_access.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_loginuid.so
session optional pam_keyinit.so force revoke
session include system-auth
session optional pam_lastlog2.so silent
session optional pam_motd.so
session optional pam_mail.so dir=/var/spool/mail standard quiet
session optional pam_umask.so
-session optional pam_systemd.so
session required pam_env.so
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login
#%PAM-1.0
auth sufficient pam_permit.so
account include system-auth
session optional pam_loginuid.so
session required pam_limits.so
session required pam_unix.so
session optional pam_permit.so
session required pam_env.so
#%PAM-1.0
auth required pam_unix.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
Offline
Keyboard yet?
https://wiki.archlinux.org/title/KDE#Pl … e_settings
In doubt try to change your password to sth. qwerty-safe like
Offline
I tried to delete, log out, log in, reverify the file. The contents of the file are the same as before deletion. With my original password it is still not working.
[csaba@csaba-laptop ~]$ cat ~/.config/plasma-localerc
[Formats]
LANG=en_US.UTF-8
Then I tried to change my password ... and that asks for the old password, and in that pop-up in KDE user settings, my current password is also not accepted. So, it seems like this issue appears in multiple places after all, not just the battery/charging settings.
Offline
and that asks for the old password, and in that pop-up in KDE user settings
Offline
And then I changed my password with `passwd` from the CLI. I've set it to only letters and one space character, and I avoided any "y" or "z" in the password. It is still not working in popups on the battery page or on the change password page. The new password works in CLI or to log in on the SDDM login page without any issues.
Offline
pkexec date
Offline
I fixed the issue with Gemini AI. It seems like I was missing the polkit-1 file for some reason.
[csaba@csaba-laptop ~]$ sudo tee /etc/pam.d/polkit-1 > /dev/null <<'EOF'
#%PAM-1.0
auth include system-login
account include system-login
password include system-login
session include system-login
EOF
Offline
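Added example, not part of the thread and not code from any poster: a check for the failure found above, where the PAM service used by the polkit prompt (polkit-1) had no file even though login and the terminal worked. It walks a service's include/substack chain and lists every referenced service that has no file. The names pam_find, pam_missing and PAM_DIRS are made up for this example, and the search order /etc/pam.d then /usr/lib/pam.d is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread: report PAM services that a service
# needs (itself plus its include/substack chain) but that have no file.
# Assumption: PAM reads /etc/pam.d first, then /usr/lib/pam.d.
PAM_DIRS="${PAM_DIRS:-/etc/pam.d /usr/lib/pam.d}"

# Print the path of the file defining service $1; fail if there is none.
pam_find() {
    for d in $PAM_DIRS; do
        if [ -f "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            return 0
        fi
    done
    return 1
}

# Print the space-separated list of missing services reachable from $1.
# Returns 0 when the whole chain resolves, 1 otherwise.
pam_missing() {
    queue="$1"; seen=" "; missing=""
    while [ -n "$queue" ]; do
        svc=${queue%% *}                       # pop the first queued name
        case "$queue" in
            *" "*) queue=${queue#* } ;;
            *)     queue="" ;;
        esac
        case "$seen" in *" $svc "*) continue ;; esac   # already visited
        seen="$seen$svc "
        if file=$(pam_find "$svc"); then
            # "type include service" / "type substack service" lines
            refs=$(awk '$1 !~ /^#/ && ($2 == "include" || $2 == "substack") { print $3 }' "$file")
            for r in $refs; do queue="${queue:+$queue }$r"; done
        else
            missing="${missing:+$missing }$svc"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Stand-alone use: sh pam-check.sh polkit-1
if [ "$#" -gt 0 ]; then
    pam_missing "$1"
fi
```

An empty line and exit status 0 mean every file in the chain exists; it does not validate the modules those files load.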
pacman -Qikk polkit
sudo LC_ALL=C pacman -Qkk | grep -v ', 0 altered files' | grep -v backup
Offline