From 44e6701796c6cddb2edf41115d7c934cc1f21b8c Mon Sep 17 00:00:00 2001 From: purian23 Date: Tue, 10 Mar 2026 01:01:21 -0400 Subject: [PATCH] Update PAM defaults --- core/cmd/dms/commands_greeter.go | 5 ++-- core/internal/greeter/installer.go | 5 ++-- quickshell/Modules/Greetd/GreeterContent.qml | 31 ++++++++------------ 3 files changed, 19 insertions(+), 22 deletions(-) diff --git a/core/cmd/dms/commands_greeter.go b/core/cmd/dms/commands_greeter.go index 261e22d6..269a13a4 100644 --- a/core/cmd/dms/commands_greeter.go +++ b/core/cmd/dms/commands_greeter.go @@ -1631,8 +1631,9 @@ func checkGreeterStatus() error { } } else { if fprintAvailableForCurrentUser { - fmt.Printf(" ⚠ Fingerprint auth is active via included %s while DMS fingerprint toggle is off.\n", includedFprintFile) - fmt.Printf(" %s\n", systemPamManagerRemediationHint()) + fmt.Printf(" ℹ Fingerprint auth is active via included %s while DMS fingerprint toggle is off.\n", includedFprintFile) + fmt.Println(" Password login will work but may be delayed while the fingerprint module runs first.") + fmt.Printf(" To eliminate the delay, %s\n", systemPamManagerRemediationHint()) } else { fmt.Printf(" ℹ pam_fprintd is present via included %s, but no enrolled fingerprints were detected for user %s.\n", includedFprintFile, currentUser.Username) fmt.Println(" Password auth remains the effective login path.") diff --git a/core/internal/greeter/installer.go b/core/internal/greeter/installer.go index 091cb364..ff6291f1 100644 --- a/core/internal/greeter/installer.go +++ b/core/internal/greeter/installer.go @@ -1506,8 +1506,9 @@ func syncGreeterPamConfig(homeDir string, logFunc func(string), sudoPassword str } } else { if fprintAvailableForCurrentUser { - logFunc("⚠ Fingerprint auth is active via included " + includedFprintFile + " while DMS fingerprint toggle is off.") - logFunc(" " + pamManagerHintForCurrentDistro()) + logFunc("ℹ Fingerprint auth is active via included " + includedFprintFile + " while DMS fingerprint toggle is off.") + logFunc(" Password login will work but may be delayed while the fingerprint module runs first.") + logFunc(" To eliminate the delay, " + pamManagerHintForCurrentDistro()) } else { logFunc("ℹ pam_fprintd is present via included " + includedFprintFile + ", but no enrolled fingerprints were detected for the current user.") logFunc(" Password auth remains the effective login path.") diff --git a/quickshell/Modules/Greetd/GreeterContent.qml b/quickshell/Modules/Greetd/GreeterContent.qml index e7dafa20..291aaf24 100644 --- a/quickshell/Modules/Greetd/GreeterContent.qml +++ b/quickshell/Modules/Greetd/GreeterContent.qml @@ -35,8 +35,8 @@ Item { property bool pendingPasswordResponse: false property bool passwordSubmitRequested: false property bool cancelingExternalAuthForPassword: false - property int defaultAuthTimeoutMs: 12000 - property int externalAuthTimeoutMs: 45000 + property int defaultAuthTimeoutMs: 10000 + property int externalAuthTimeoutMs: 36000 property int memoryFlushDelayMs: 120 property string pendingLaunchCommand: "" property var pendingLaunchEnv: [] @@ -54,9 +54,8 @@ Item { property int maxPasswordSessionTransitionRetries: 2 readonly property bool greeterPamHasFprint: pamModuleEnabled(greetdPamText, "pam_fprintd") || (greetdPamText.includes("system-auth") && pamModuleEnabled(systemAuthPamText, "pam_fprintd")) || (greetdPamText.includes("common-auth") && pamModuleEnabled(commonAuthPamText, "pam_fprintd")) || (greetdPamText.includes("password-auth") && pamModuleEnabled(passwordAuthPamText, "pam_fprintd")) readonly property bool greeterPamHasU2f: pamModuleEnabled(greetdPamText, "pam_u2f") || (greetdPamText.includes("system-auth") && pamModuleEnabled(systemAuthPamText, "pam_u2f")) || (greetdPamText.includes("common-auth") && pamModuleEnabled(commonAuthPamText, "pam_u2f")) || (greetdPamText.includes("password-auth") && pamModuleEnabled(passwordAuthPamText, "pam_u2f")) - readonly property bool greeterExternalAuthCapable: greeterPamHasFprint || greeterPamHasU2f - readonly property bool greeterExternalAuthEnabledByToggle: (greeterPamHasFprint && GreetdSettings.greeterEnableFprint) || (greeterPamHasU2f && GreetdSettings.greeterEnableU2f) - readonly property bool greeterExternalAuthAvailable: greeterExternalAuthCapable + readonly property bool greeterExternalAuthAvailable: (greeterPamHasFprint && GreetdSettings.greeterEnableFprint) || (greeterPamHasU2f && GreetdSettings.greeterEnableU2f) + readonly property bool greeterPamHasExternalAuth: greeterPamHasFprint || greeterPamHasU2f function initWeatherService() { if (weatherInitialized) @@ -412,10 +411,7 @@ Item { if (Greetd.state !== GreetdState.Inactive) { if (pendingPasswordResponse && hasPasswordBuffer) submitBufferedPassword(); - else if (awaitingExternalAuth && hasPasswordBuffer) { - passwordSubmitRequested = true; - requestPasswordSessionTransition(); - } else if (hasPasswordBuffer) + else if (hasPasswordBuffer) passwordSubmitRequested = true; return; } @@ -424,11 +420,11 @@ Item { passwordSubmitRequested = true; return; } - if (!hasPasswordBuffer && !root.greeterExternalAuthEnabledByToggle) + if (!hasPasswordBuffer && !root.greeterExternalAuthAvailable) return; pendingPasswordResponse = false; passwordSubmitRequested = hasPasswordBuffer; - awaitingExternalAuth = !hasPasswordBuffer && root.greeterExternalAuthEnabledByToggle; + awaitingExternalAuth = !hasPasswordBuffer && root.greeterExternalAuthAvailable; authTimeout.interval = awaitingExternalAuth ? externalAuthTimeoutMs : defaultAuthTimeoutMs; authTimeout.restart(); Greetd.createSession(GreeterState.username); @@ -437,7 +433,7 @@ Item { function maybeAutoStartExternalAuth() { if (!GreeterState.showPasswordInput || !GreeterState.username) return; - if (!root.greeterExternalAuthEnabledByToggle) + if (!root.greeterExternalAuthAvailable) return; if (GreeterState.unlocking || Greetd.state !== GreetdState.Inactive) return; @@ -958,7 +954,7 @@ Item { anchors.verticalCenter: parent.verticalCenter iconName: root.greeterPamHasFprint ? "fingerprint" : "key" buttonSize: 32 - visible: GreeterState.showPasswordInput && root.greeterExternalAuthEnabledByToggle && GreeterState.passwordBuffer.length === 0 && (Greetd.state === GreetdState.Inactive || awaitingExternalAuth || pendingPasswordResponse) && !GreeterState.unlocking + visible: GreeterState.showPasswordInput && root.greeterExternalAuthAvailable && GreeterState.passwordBuffer.length === 0 && (Greetd.state === GreetdState.Inactive || awaitingExternalAuth || pendingPasswordResponse) && !GreeterState.unlocking enabled: visible onClicked: root.startAuthSession() } @@ -1594,13 +1590,12 @@ Item { return; } pendingPasswordResponse = false; - if (passwordSubmitRequested && GreeterState.passwordBuffer && GreeterState.passwordBuffer.length > 0 && awaitingExternalAuth && !cancelingExternalAuthForPassword) { - requestPasswordSessionTransition(); - return; - } if (!passwordSubmitRequested) awaitingExternalAuth = root.isExternalAuthPrompt(message, responseRequired); - authTimeout.interval = awaitingExternalAuth ? externalAuthTimeoutMs : defaultAuthTimeoutMs; + if (awaitingExternalAuth || (passwordSubmitRequested && root.isExternalAuthPrompt(message, responseRequired))) + authTimeout.interval = externalAuthTimeoutMs; + else + authTimeout.interval = defaultAuthTimeoutMs; authTimeout.restart(); Greetd.respond(""); }