Bug 504962 - After a PAM lock-out period for too many incorrect attempts has passed, the next attempt fails even with the correct password
Status: CONFIRMED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Screen locking (other bugs)
Version First Reported In: 6.3.5
Platform: Arch Linux Linux
Importance: NOR normal
Target Milestone: 1.0
Assignee: Fernando M. Muniz
 
Reported: 2025-05-29 13:53 UTC by Fernando M. Muniz
Modified: 2025-06-12 05:46 UTC

Attachments
The 10 minute timer doesn't update, but more than 10 minutes have passed. (2.18 MB, video/mp4)
2025-05-29 14:13 UTC, Fernando M. Muniz
Issue on Plasma 6.3.91 (6.4 Beta 2) (1.77 MB, video/mp4)
2025-05-29 20:09 UTC, Fernando M. Muniz

Description Fernando M. Muniz 2025-05-29 13:53:01 UTC
1- Try to log in with incorrect passwords 3 times to block your account for 10 minutes.
2- Type your correct password in the input field and stay on that screen for 11 minutes.
3- Press Enter to log in.

Result:
The login attempt fails with the correct password.

Additional Information:
I didn't verify if it weighs in as a failed login attempt.
Comment 1 Fernando M. Muniz 2025-05-29 14:13:28 UTC
Created attachment 181874
The 10 minute timer doesn't update, but more than 10 minutes have passed.
Comment 2 TraceyC 2025-05-29 19:33:48 UTC
I'm not able to reproduce this on git-master, Solus. The system doesn't have a 10 minute lockout after 3 incorrect login attempts.

Unfortunately there isn't enough information for us to try to figure out what's happening. Please add information about your system as requested in the bug report template. Copy and paste this with the information into a new comment.

SOFTWARE/OS VERSIONS
Windows: 
macOS: 
(available in the Info Center app, or by running `kinfo` in a terminal window)
Linux/KDE Plasma: 
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION


Thanks for your understanding
Comment 3 Nate Graham 2025-05-29 19:39:58 UTC
(In reply to TraceyC from comment #2)
> I'm not able to reproduce this on git-master, Solus. The system doesn't have
> a 10 minute lockout after 3 incorrect login attempts.
It's a PAM setup thing; not all distros do this by default, but I think Arch does.

See https://linux.die.net/man/8/pam_faillock; you need the "pam_faillock" module active to experience this.
Comment 4 Fernando M. Muniz 2025-05-29 20:09:42 UTC
Created attachment 181881
Issue on Plasma 6.3.91 (6.4 Beta 2)

Operating System: Arch Linux 
KDE Plasma Version: 6.3.91
KDE Frameworks Version: 6.14.0
Qt Version: 6.9.0
Kernel Version: 6.14.7-arch2-1 (64-bit)
Graphics Platform: Wayland
Processors: 8 × 11th Gen Intel® Core™ i5-11300H @ 3.10GHz
Memory: 9 GB of RAM (8.1 GB usable)
Graphics Processor 1: NVIDIA GeForce GTX 1650
Graphics Processor 2: Intel® Iris® Xe Graphics
Manufacturer: LENOVO
Product Name: 82MG
System Version: IdeaPad Gaming 3 15IHU6
Comment 5 John Kizer 2025-06-12 05:46:44 UTC
I can reproduce on an EndeavourOS VM, artificially setting the PAM lockout period to 10 seconds to make it easier to test. As shown in the video, the first attempt is reported as failed, then the second attempt passes.

The journal line that seems to show up on that device, that doesn't show up on my Fedora KDE 42 device (without faillock), is pam_faillock(kde:auth): Error sending audit message: Operation not permitted

Perhaps this is what was underlying the issue in https://bugs.kde.org/show_bug.cgi?id=480460 ?
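
Added example (not part of the original thread, and not pam_faillock's or Plasma's own code): a simplified model of the lock-out window described in pam_faillock(8), for checking whether the tally alone should still reject an attempt at a given time. The tally layout is assumed to be that printed by `faillock --user NAME`; the user name, timestamps and `kde` source in the sample are constructed.

```python
"""Model of when pam_faillock should stop rejecting a user (simplified)."""
from datetime import datetime, timedelta

# Constructed sample tally; layout assumed from `faillock --user NAME`.
SAMPLE_TALLY = """\
exampleuser:
When                Type  Source                                           Valid
2025-05-29 13:40:01 SVC   kde                                                  V
2025-05-29 13:40:09 SVC   kde                                                  V
2025-05-29 13:40:17 SVC   kde                                                  V
"""


def parse_tally(text):
    """Return the timestamps of the valid ("V") failure records."""
    failures = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[-1] != "V":
            continue  # user line, header, or invalidated record
        try:
            stamp = " ".join(fields[:2])
            failures.append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
        except ValueError:
            continue  # malformed row
    return failures


def lock_state(failures, now, deny=3, unlock_time=600, fail_interval=900):
    """Return (locked, unlock_at) for an attempt made at `now`.

    Defaults are the documented pam_faillock defaults; times are in seconds.
    """
    if not failures:
        return False, None
    latest = max(failures)
    # Only failures within fail_interval of the latest one count.
    window = timedelta(seconds=fail_interval)
    recent = [t for t in failures if latest - t < window]
    if len(recent) < deny:
        return False, None
    if unlock_time == 0:
        return True, None  # no automatic unlock; needs a manual reset
    unlock_at = latest + timedelta(seconds=unlock_time)
    return now <= unlock_at, unlock_at
```

If this model reports the lock as expired at the moment an attempt was rejected, the tally by itself does not account for the rejection.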