Password does not unlock screen

I forgot to say, that this is a clean install of 10.04. I did, however, have the /home on another partition, so users home directories and perhaps screensaver settings are from 8.04, which I ran on this computer before installing 10.04.

All users accounts I have tried this with have the same problem. I created a new account just now, even for that user screensaver did not accept the password. User could log back in to the locked session by switch user and login from graphical login screen.

Seems my guess the old settings from 8.04 are the cause is wrong.

What does your /var/log/auth.log look like when this happens?

Regards,
Jon Oberheide

Before pressing Control-Alt-L:

taleman@myrsky:~$ date ; tail /var/log/auth.log
ke 14.7.2010 19.04.18 +0300
Jul 14 12:17:01 myrsky CRON[2430]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul 14 12:17:01 myrsky CRON[2430]: pam_unix(cron:session): session closed for user root
Jul 14 12:56:30 myrsky gdm-session-worker[1319]: pam_unix(gdm:session): session closed for user timo
Jul 14 12:56:31 myrsky polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.36, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fi_FI.UTF-8) (disconnected from bus)
Jul 14 19:00:11 myrsky gdm-session-worker[1304]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "taleman"
Jul 14 19:00:14 myrsky gdm-session-worker[1304]: pam_unix(gdm:session): session opened for user taleman by (uid=0)
Jul 14 19:00:14 myrsky gdm-session-worker[1304]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :1
Jul 14 19:00:16 myrsky polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.36 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fi_FI.utf8)
Jul 14 19:03:01 myrsky sudo: taleman : TTY=unknown ; PWD=/home/taleman ; USER=root ; COMMAND=/usr/bin/software-properties-gtk --open-tab 2 --toplevel 73400357
taleman@myrsky:~$

After Control-Alt-L, writing password once, then switch user and back from login screen:

taleman@myrsky:~$ date ; tail /var/log/auth.log
ke 14.7.2010 19.06.07 +0300
Jul 14 19:00:16 myrsky polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.36 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fi_FI.utf8)
Jul 14 19:03:01 myrsky sudo: taleman : TTY=unknown ; PWD=/home/taleman ; USER=root ; COMMAND=/usr/bin/software-properties-gtk --open-tab 2 --toplevel 73400357
Jul 14 19:04:34 myrsky unix_chkpwd[1760]: check pass; user unknown
Jul 14 19:04:38 myrsky unix_chkpwd[1761]: check pass; user unknown
Jul 14 19:04:38 myrsky unix_chkpwd[1761]: password check failed for user (taleman)
Jul 14 19:04:38 myrsky gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:1.0 ruser= rhost= user=taleman
Jul 14 19:04:40 myrsky unix_chkpwd[1763]: check pass; user unknown
Jul 14 19:04:47 myrsky gdm-session-worker[1809]: pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met by user "taleman"
Jul 14 19:04:50 myrsky gdm-session-worker[1809]: pam_unix(gdm:session): session opened for user taleman by (uid=0)
Jul 14 19:04:50 myrsky gdm-session-worker[1809]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :2
taleman@myrsky:~$

What's ls -l /etc/shadow look like? /etc/shadow should be 640, owner root, and group shadow.

I only ask because I ran into the same issue after "exploiting myself" with the recent pam_motd vulnerability. My PoC (http://twitter.com/jonoberheide/status/18009527979) changed the ownership of /etc/shadow and upon changing it back (I think I did chown root:root instead of root:shadow), I had the same issue of not being able to log in via the screensaver and the same "check pass; user unknown" error message (unix_chkpwd can't read the file if its not shadow group readable).

I would blame it on the recent vulnerability...except that your initial bug report pre-dated the vulnerability announcement. :-)

The owner was root:root, must have changed it by mistake when I put back password from previous install of Ubuntu. Doing chown root:shadow /etc/shadow and chmod u=r,g=r /etc/shadow fixed the problem.

Thanks for the tip. Have to be more careful next time I modify shadow and password files.

So this is not a bug about screensaver not accepting valid password, but a bug raport of the screensaver not showing warning message about wrong permissions in the /etc/shadow file.

Ok, through the "exploiting myself" like Jon Oberheide /etc/shadow got wrong rights. After resetting the rights of /etc/shadow, there are no problems any more. Thanks for the tip.

I've had this problem for a year, maybe more and finally you helped me solve it! Thank you very much!

As per the last comments, I'm closing this bug.

I know this is an old thread, however this has just happened to me on ubuntu 14.04, I had not made any change to /etc/shadow myself, and this is a fairly clean/new install. I came across this bug directed from here http://askubuntu.com/questions/128785/lock-screen-password-incorrect
so this seems to be a common occurrence - is it worth reopening this and investigating why the permissions on /etc/shadow keep changing?

i had this problem on xubuntu 15,04

Still happening from time to time for me as well.

This is the cure - http://superuser.com/questions/460075/why-does-xscreensaver-not-allow-me-to-enter-my-password