Bug 429348

Summary: Doesn't communicate to the user what's going on when the auth action has been locked due to excessive incorrect password attempts
Product: [Applications] systemsettings Reporter: postix <postix>
Component: kcm_sddmAssignee: David Edmundson <kde>
Status: RESOLVED FIXED    
Severity: normal CC: bugseforuns, eschwartz93, nate, null, plasma-bugs, postix
Priority: NOR Keywords: usability
Version: 5.20.3   
Target Milestone: ---   
Platform: Other   
OS: Other   
See Also: https://bugs.kde.org/show_bug.cgi?id=428613
Latest Commit: https://invent.kde.org/plasma/sddm-kcm/commit/c14253b0baeb6182c9b5bf888f6c8db77bf3c70e Version Fixed In: 5.25
Sentry Crash Report:

Description postix 2020-11-19 14:45:59 UTC 
SUMMARY

Make a change and click on apply. Enter no password or a wrong password three times.
The password dialog will vanish and the apply button will gray out.

I would not expect this. You wouldn't know if you didn't enter the correct password at the third try and would be surprised that the change was not applied afterwards.


SOFTWARE/OS VERSIONS
Operating System: Manjaro Linux
KDE Plasma Version: 5.20.3
KDE Frameworks Version: 5.76.0
Qt Version: 5.15.1
Comment 1 Nate Graham 2020-11-19 20:39:33 UTC 
This is caused by using the pam_deny module which Arch now used by default. You'll want to talk to the Arch packagers about it.
Comment 3 postix 2020-11-20 17:12:44 UTC 
Patrick Silva, you are on Arch. Could you please try to reproduce it and report if you are successful report it to the Arch maintainers? My report was closed immediately, though I'm on Manjaro.
Comment 4 Patrick Silva 2020-11-20 17:57:18 UTC 
it's not Arch specific. I can reproduce on neon unstable.
Comment 5 postix 2020-11-20 18:05:41 UTC 
(In reply to Patrick Silva from comment #4)
> it's not Arch specific. I can reproduce on neon unstable.

Thanks for checking!

Nate, against what does it need to be reported now?
Comment 6 Eli Schwartz 2020-11-20 18:48:09 UTC 
It's correctly reported against KDE.

> This is caused by using the pam_deny module which Arch now used by default. You'll want to talk to the Arch packagers about it.

This is a fundamentally invalid argument; calling it a distro bug if KDE produces invalid results when PAM contains an active pam_deny module that rejected the authentication attempt, is missing all the points.
Unless the implication is that no one in their right mind would ever use a core module distributed by the Linux-PAM project, it's KDE's job to handle the case where the sysadmin is using it.

Pointing fingers at pam_deny is at best a workaround for people whose buggy KDE setups are currently causing usability issues. The correct response is therefore "this is a bug in KDE, but until a fix is available you may wish to disable pam_deny from your current PAM stack".

As Patrick pointed out, the problem will just as well manifest on other distros.
Comment 7 Nate Graham 2020-11-20 20:47:38 UTC 
Fair enough.

And yeah, I can also reproduce on openSUSE Tumbleweed without the pam_deny module loaded
Comment 8 Nate Graham 2022-05-27 17:08:10 UTC 
Git commit 30edb01b381f78ea2ac9898e33a4c1f9845f1509 by Nate Graham, on behalf of oioi 555.
Committed on 27/05/2022 at 17:08.
Pushed by ngraham into branch 'master'.

Re-enable apply button on save failure

Allow user to know that save could not be done.
FIXED-IN: 5.25

M  +1    -0    src/sddmkcm.cpp

https://invent.kde.org/plasma/sddm-kcm/commit/30edb01b381f78ea2ac9898e33a4c1f9845f1509
Comment 9 Nate Graham 2022-05-27 17:10:18 UTC 
Git commit c14253b0baeb6182c9b5bf888f6c8db77bf3c70e by Nate Graham, on behalf of oioi 555.
Committed on 27/05/2022 at 17:10.
Pushed by ngraham into branch 'Plasma/5.25'.

Re-enable apply button on save failure

Allow user to know that save could not be done.
FIXED-IN: 5.25


(cherry picked from commit 30edb01b381f78ea2ac9898e33a4c1f9845f1509)

M  +1    -0    src/sddmkcm.cpp

https://invent.kde.org/plasma/sddm-kcm/commit/c14253b0baeb6182c9b5bf888f6c8db77bf3c70e