Bug 931816

Summary: KDE 5.2 plasma unlock failed
Product: [openSUSE] openSUSE Tumbleweed Reporter: Forgotten User ePzx_2Fpp4 <forgotten_ePzx_2Fpp4>
Component: KDE Workspace (Plasma)Assignee: E-mail List <kde-maintainers>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: forgotten_DV81ZEWZkN, kde-maintainers, wbauer
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: SUSE Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User ePzx_2Fpp4 2015-05-21 09:59:30 UTC 
I am using the latest thumbleweed OpenSuSE distro. After upgrading KDE 5.2 was installed. Unfortunately for normal users unlocking the locked session always failed. For root users everything is working. I have changed passwords, but with no change in effect.
Comment 1 Wolfgang Bauer 2015-05-21 11:50:26 UTC 
(In reply to Michael Karbach from comment #0)
> I am using the latest thumbleweed OpenSuSE distro. After upgrading KDE 5.2
> was installed.

Shouldn't this be Plasma 5.3? ;)

> Unfortunately for normal users unlocking the locked session
> always failed. For root users everything is working. I have changed
> passwords, but with no change in effect.

Likely a problem with your PAM configuration. Please check whether you have *.rpmnew files in /etc/pam.d/.

This shouldn't be a problem with a fresh installation, but if you upgraded your system from earlier openSUSE versions (<= 12.3 I think), you might still have pam_unix2.so in there which causes problems (insufficient privileges) for Plasma 5's screenlocker.
Changing it to pam_unix.so should help.
For reference, my files on 13.2 contain this:
/etc/pam.d/common-account:
account       required        pam_unix.so     try_first_pass
(and similar for common-auth, -password, and -session)

Not sure what to do about this though (or whether anything can/should be done at all).

Leaving this bug report open therefore, it is a valid problem IMHO.

But @kde-maintainers: maybe we should reassign it to Basesystem or similar?
It's not strictly a KDE issue, depending on the POV.
Comment 2 Forgotten User DV81ZEWZkN 2015-05-21 18:45:42 UTC 
The way i see it:
1) if pam reads only files delivered by openSUSE, then %config(noreplace) needs to remain
2) if that's not the case, we need it SUID distro wide (bug 926267)

user options:
1) 'fix' your pam config
2) add kcheckpass location to /etc/permissions.local, and run chkstat

*** This bug has been marked as a duplicate of bug 931296 ***
Comment 3 Forgotten User ePzx_2Fpp4 2015-05-22 09:12:28 UTC 
(In reply to Wolfgang Bauer from comment #1)
> (In reply to Michael Karbach from comment #0)
> > I am using the latest thumbleweed OpenSuSE distro. After upgrading KDE 5.2
> > was installed.
> 
> Shouldn't this be Plasma 5.3? ;)

of course ;-)


> > Unfortunately for normal users unlocking the locked session
> > always failed. For root users everything is working. I have changed
> > passwords, but with no change in effect.
> 
> Likely a problem with your PAM configuration. Please check whether you have
> *.rpmnew files in /etc/pam.d/.
> 
> This shouldn't be a problem with a fresh installation, but if you upgraded
> your system from earlier openSUSE versions (<= 12.3 I think), you might
> still have pam_unix2.so in there which causes problems (insufficient
> privileges) for Plasma 5's screenlocker.
> Changing it to pam_unix.so should help.
> For reference, my files on 13.2 contain this:
> /etc/pam.d/common-account:
> account       required        pam_unix.so     try_first_pass
> (and similar for common-auth, -password, and -session)

OK, this fixed my problem, I have replaced the content of all those files with that from corresponding .rpmnew

Thanks!
Comment 4 Wolfgang Bauer 2016-02-01 18:30:04 UTC 
No info needed any more.