PAM conversation fails if previous PAM module sent an error message #412
Description
When a PAM module sends an error message, all subsequent PAM modules will have the PAM conversation fail with the following error:
greetd[12198]: pam_conv: i/o error: Connection refused (os error 111)
greetd[12198]: error: i/o error: Transport endpoint is not connected (os error 107)
greetd[12198]: pam_unix(cosmic-greeter:auth): conversation failed
greetd[12198]: pam_unix(cosmic-greeter:auth): auth could not identify password for [user]
As a result, the user is never prompted for a password, making it impossible to log in.
This can be replicated on PopOS 24.04 by adding the following line to the beginning of /etc/pam.d/common-auth:
auth sufficient pam_exec.so /usr/bin/false
When the quiet option is added, it behaves as expected (after pam_exec fails, pam_unix successfully requests a password from the user).