this post was submitted on 20 Dec 2023
12 points (92.9% liked)

KDE

5287 readers
99 users here now

KDE is an international technology team creating user-friendly free and open source software for desktop and portable computing. KDE’s software runs on GNU/Linux, BSD and other operating systems, including Windows.

Plasma 6 Bugs

If you encounter a bug, proceed to https://bugs.kde.org, check whether it has been reported.

If it hasn't, report it yourself.

PLEASE THINK CAREFULLY BEFORE POSTING HERE.

Developers do not look for reports on social media, so they will not see it and all it does is clutter up the feed.

founded 1 year ago
MODERATORS
 

There is this useless feature where the lock screen tells you that the account is locked for 10 minutes because of three failed attempts to log in, but then I can just bypass it by forcing my computer off then powering it back on. Then what's the point of having it? I just got a new mechanical keyboard and I don't know if it has an issue or something, but it happened twice today without me doing anything while the pc is asleep, and it is annoying AF having to force shut down my pc by holding down the power button. This might also cause data loss for me. Is there a way to disable this thing?

Thanks

top 6 comments
sorted by: hot top controversial new old
[–] [email protected] 6 points 10 months ago (2 children)

That's managed by PAM: https://man.archlinux.org/man/faillock.8.en

I think it's mostly intended for remote access like when SSH'ing in, it locks up after too many bad attempts.

When you have physical access a lot of security stops being relevant. Although for users with full disk encryption, that'd also force the attacker to wipe the keys in RAM so it's still got some value.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Ok, I figured it out. Looks like this new mechanical keyboard I got does something when I wake the PC up that causes those 3 attempts to be triggered. So I just set deny = 0 in /etc/security/faillock.conf. And to be more sure, I set the unlock time to 0. Lol That was very stressful. Thank you for bringing up faillock.

[–] [email protected] 1 points 10 months ago (1 children)

How do I disable it? That link doesn't show where to disable it. It just did it again and it's driving my fucking insane. I literally didn't do anything. I just locked my PC from the menu and went back to it to wake it up. I need this off my PC :/

[–] [email protected] 2 points 10 months ago

Set nodelay in the config options. By default this should be in /etc/security/faillock.conf

[–] [email protected] 3 points 10 months ago (1 children)

but then I can just bypass it by forcing my computer off then powering it back on. Then what's the point of having it?

You already have your answer, so I'll just add that not every implementation is the same. Our VDI deployment provides virtual desktops to remote users. Their own physical power buttons would only reset their thin client, not the remote workstation that has access to our secure network. If they want to reset that 10 minute timer early, they have to call IT and we can reset the virtual machine from our end after confirming that they're a valid user. But yes, some software security is trivial to bypass if you have no physical security.

[–] [email protected] 2 points 10 months ago

I wasn't asking why I can bypass it, I wanted to get rid of it because it's useless to me since my PC is physically in my basement and I'm right there trying to use it, not trying to access it remotely. Anyway, I got rid of it.