0

Since I switched from Ubuntu to Manjaro several months ago, I've had a weird problem: I haven't been able to log into the virtual console, always getting a "Login incorrect" message, although all the other authentication has worked perfectly. Today, I finally decided to solve that, but did not succeed.

getty seems to run normally and invoke login as expected.

$ ps auxww |grep getty
root      129384  0.0  0.0   7176  3880 tty3     Ss+  22:47   0:00 /sbin/agetty -o -p -- \u --noclear - linux

I checked there's no leftover /etc/nologin or /var/run/nologin, and the related configs (/etc/login.defs, /etc/security/*) are totally untouched and quite permissive distro defaults.

Nevertheless, when trying to log into the VC, I'm getting (after enabling the debug option for some PAM modules):

dic 06 22:46:53 s0me0ne login[128494]: pam_systemd_home(login:auth): pam-systemd-homed authenticating
dic 06 22:46:53 s0me0ne login[128494]: pam_systemd_home(login:auth): New sd-bus connection (system-bus-pam-systemd-home-128494) opened.
dic 06 22:46:53 s0me0ne login[128494]: pam_systemd_home(login:auth): systemd-homed is not available: Could not activate remote peer 'org.freedesktop.home1': activation request failed: unknown unit
dic 06 22:46:53 s0me0ne login[128494]: pam_unix(login:auth): username [s0me0ne] obtained
dic 06 22:46:55 s0me0ne unix_chkpwd[129255]: password check failed for user (s0me0ne)
dic 06 22:46:55 s0me0ne login[128494]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty3 ruser= rhost=  user=s0me0ne
dic 06 22:46:56 s0me0ne login[128494]: FAILED LOGIN 1 FROM tty3 FOR s0me0ne, Authentication failure

I double-checked that all the unix_chkpwd instances present in the system are SUID root and are hardlinks to the same binary:

$ ls -li /usr/bin/unix_chkpwd /sbin/unix_chkpwd                                                                                                                                               
220202420 -rwsr-sr-x 1 root root 26672 18 nov 12.58 /sbin/unix_chkpwd
220202420 -rwsr-sr-x 1 root root 26672 18 nov 12.58 /usr/bin/unix_chkpwd

Then I recalled the old good pamtester and gave it a try:

$ pamtester -v login s0me0ne authenticate                                                                                                                                                                                                                                                                 pamtester: invoking pam_start(login, s0me0ne, ...)
pamtester: performing operation - authenticate
Password: 
pamtester: successfully authenticated

Worked like a charm, and PAM is happy, no errors in logs.

The last thing I tried is manually testing the unix_chkpwd functionality itself:

$ mkfifo /tmp/pw
$ echo -ne 'mypassword\0' >/tmp/pw &
[1] 137112
$ /sbin/unix_chkpwd s0me0ne nullok </tmp/pw
[1]  + done       echo -ne 'mypassword\0' > /tmp/pw
$ echo $?
0

At this point, I'm completely stuck and scratching my head. Any thoughts are appreciated.

Improve this question

1 Answer 1

Reset to default
0

It turned out to be a ridiculously silly configuration bug.

The console keymap in /etc/vconsole.conf was set to Croatian, which is QWERTZ, and my keyboard is QWERTY. So when I was entering my username, which doesn't contain any ys and zs, it looked like the keymap was totally okay. But the y in my password was replaced with z.

All the other tests were done under X11, and my xkb keymaps were QWERTY and worked fine.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.