Unable to unlock screen-locker after setting a user password

Support
1

I installed the kicksecure 18 iso on an old laptop and wanted to lock the screen when the lid closes.

At first I received this warning message:

Refusing to lock screen, because current account 'user' has no password set.
If the screen was locked, it would automatically unlock the moment any user input was received. Please set a password to enable screen locking.

So I creating a password & disabled auto-login for “user” in sysmaint.
Now I can now lock the screen as “user”, but no matter what I type into sway lock I’m told the password in wrong.

I tried changing the “user” password to a single numerical digit in case it’s some sort of keyboard layout issue, but that didn’t work either.

Then I tried removing the “user“ password, re-enabled auto-login and manually ran the sway lock command from /usr/bin/lock-screen in qterminal:

swaylock --color 000000 --image /usr/share/kicksecure/lock-screen-background.png --scaling fit

That brings up sway lock, but no matter what I type it still won’t unlock (contrary to the prior warning message)

1 Like
2

What keyboard layout are you using? Locking works fine for me with the us layout.

1 Like
3

I’m using the British gb layout.

1 Like
4

I was able to recreate this issue in virtualbox:

  1. Import the Kicksecure-LXQt-18.0.7.6.Intel_AMD64.ova
    1. Step_1
      Step_1737×611 54.5 KB
  2. Boot into sysmaint
  3. Create a user password
    1. Step_2
      Step_21970×1215 80 KB
  4. disable autologin for user
    1. Step_3
      Step_31970×1215 114 KB
  5. shutdown and restart the VM
  6. use the new password to login into user
    1. Step_4
      Step_41970×1215 35.7 KB
  7. lock the screen
    1. Step_5
      Step_51970×1215 148 KB
  8. type in the new password and hit enter (this will fail)
    1. Step_6
      Step_61970×1215 70.4 KB
2 Likes
5

Thanks, this is very helpful. I’ll reproduce on my end and see if I can fix the problem. (I wonder if our PAM hardening accidentally broke the screen locker.)

1 Like
6

Confirmed, this is definitely a PAM hardening bug. It turns out that Swaylock runs PAM modules as an unprivileged user, which the block-unsafe-logins mechanism is not designed to handle.

This should be semi-easy to fix thankfully.

Edit: Fix, not yet merged into Kicksecure’s code:

3 Likes