I took a look at the code and I think the best way to fix this bug is to make sure that we deal properly with failures in pam_authenticate. This function can:
- succeed because the user entered the correct password
- fail because the user entered the wrong password
- fail because the module failed to start
Right now the third case is not considered. We should emit start_failed signal in this case. Let me know if you want to rewrite the patch otherwise I'll try to do it by the end of the week.
I took a look at the code and I think the best way to fix this bug is to make sure that we deal properly with failures in pam_authenticate. This function can:
- succeed because the user entered the correct password
- fail because the user entered the wrong password
- fail because the module failed to start
Right now the third case is not considered. We should emit start_failed signal in this case. Let me know if you want to rewrite the patch otherwise I'll try to do it by the end of the week.