Unable to unlock screen-locker after setting a user password

RebornRider · December 2, 2025, 5:00pm

I installed the kicksecure 18 iso on an old laptop and wanted to lock the screen when the lid closes.

At first I received this warning message:

Refusing to lock screen, because current account 'user' has no password set.
If the screen was locked, it would automatically unlock the moment any user input was received. Please set a password to enable screen locking.

So I creating a password & disabled auto-login for “user” in sysmaint.
Now I can now lock the screen as “user”, but no matter what I type into sway lock I’m told the password in wrong.

I tried changing the “user” password to a single numerical digit in case it’s some sort of keyboard layout issue, but that didn’t work either.

Then I tried removing the “user“ password, re-enabled auto-login and manually ran the sway lock command from /usr/bin/lock-screen in qterminal:

swaylock --color 000000 --image /usr/share/kicksecure/lock-screen-background.png --scaling fit

That brings up sway lock, but no matter what I type it still won’t unlock (contrary to the prior warning message)

arraybolt3 · December 2, 2025, 6:37pm

What keyboard layout are you using? Locking works fine for me with the us layout.

RebornRider · December 2, 2025, 6:56pm

I’m using the British gb layout.

RebornRider · December 2, 2025, 9:31pm

I was able to recreate this issue in virtualbox:

Import the Kicksecure-LXQt-18.0.7.6.Intel_AMD64.ova
1. Step_1737×611 54.5 KB
Boot into sysmaint
Create a user password
1. Step_21970×1215 80 KB
disable autologin for user
1. Step_31970×1215 114 KB
shutdown and restart the VM
use the new password to login into user
1. Step_41970×1215 35.7 KB
lock the screen
1. Step_51970×1215 148 KB
type in the new password and hit enter (this will fail)
1. Step_61970×1215 70.4 KB

arraybolt3 · December 3, 2025, 12:21am

Thanks, this is very helpful. I’ll reproduce on my end and see if I can fix the problem. (I wonder if our PAM hardening accidentally broke the screen locker.)

arraybolt3 · December 3, 2025, 12:49am

Confirmed, this is definitely a PAM hardening bug. It turns out that Swaylock runs PAM modules as an unprivileged user, which the block-unsafe-logins mechanism is not designed to handle.

This should be semi-easy to fix thankfully.

Edit: Fix, not yet merged into Kicksecure’s code: