My knowledge is not PAM friendly but I think it's something like this - when the screen is locked, PAM transaction is started via pam_start and after authentication (entered a password) it's closed via pam_end. But if we switch user from the locked screen, PAM transaction is not terminated via pam_end and pam_handle_ is still presented. When we return into the session and lock the screen again, the following code will cause the issue:
unity/lockscreen/UserAuthenticatorPam.cpp
if (pam_handle_)
{
LOG_ERROR(logger) << "Unable to start authentication because another one has already been started";
return false;
}
It will try 5 times to authenticate but it always returns false as pam_handle_ is still present, then the following code shows "Authentication failure" with "Switch to greeter" button:
unity/lockscreen/UserPromptView.cpp
if (num_retry_auth_ <= 5)
{
LOG_WARNING(logger) << "Failed to start the authentication process. Retrying for " << num_retry_auth_ << " time.";
source_manager_.AddTimeout(100, [this] {
StartAuthentication();
return false;
});
}
else
{
AddMessage(_("Authentication failure"), nux::color::Red);
AddButton(_("Switch to greeter…"), [this] {
session_manager_->SwitchToGreeter();
});
My solution is to terminate the PAM transaction and let it try to init the new one. I have tested it in my case and it works without problem.
I wonder why there is the case of error - "Unable to start authentication because another one has already been started". I don't know what case it's related to.
@Rael Gugelmin Cunha
My knowledge is not PAM friendly but I think it's something like this - when the screen is locked, PAM transaction is started via pam_start and after authentication (entered a password) it's closed via pam_end. But if we switch user from the locked screen, PAM transaction is not terminated via pam_end and pam_handle_ is still presented. When we return into the session and lock the screen again, the following code will cause the issue:
unity/lockscree n/UserAuthentic atorPam. cpp
if (pam_handle_) ERROR(logger) << "Unable to start authentication because another one has already been started";
{
LOG_
return false;
}
It will try 5 times to authenticate but it always returns false as pam_handle_ is still present, then the following code shows "Authentication failure" with "Switch to greeter" button:
unity/lockscree n/UserPromptVie w.cpp
if (num_retry_auth_ <= 5) WARNING( logger) << "Failed to start the authentication process. Retrying for " << num_retry_auth_ << " time."; manager_ .AddTimeout( 100, [this] { entication( ); _("Authenticati on failure"), nux::color::Red); _("Switch to greeter…"), [this] { manager_ ->SwitchToGreet er();
{
LOG_
source_
StartAuth
return false;
});
}
else
{
AddMessage(
AddButton(
session_
});
My solution is to terminate the PAM transaction and let it try to init the new one. I have tested it in my case and it works without problem.
I wonder why there is the case of error - "Unable to start authentication because another one has already been started". I don't know what case it's related to.