Issue: Unlock screen becomes unresponsive for a while and then asks for password again #1047
Description
Is there an existing issue for this?
- I have searched the existing issues and found none that matched mine
Describe the issue
When I entered my password to unlock the screen, it didn't respond for some time while the password entry was insensitive. Then the password entry was cleared and became sensitive again. It's possible that I mistyped my password, but gdm didn't tell me that my password was incorrect, and it took a lot longer than usually when I mistype my password.
Steps to reproduce
No response
System information and logs
authd version
authd 0.5.6+git250814+987+b3a6cc95~ubuntu25.04.1
authd-msentraid broker version
name: authd-msentraid
summary: authd - MS Entra ID Cloud Authentication for Ubuntu
publisher: Canonical**
store-url: https://snapcraft.io/authd-msentraid
license: GPL-3.0-only
description: |
authd is a powerful authentication service for Ubuntu, designed to
integrate with cloud identity providers like Microsoft Entra ID. It
delivers a secure, flexible solution for organizations and individuals who
are transitioning to cloud-based identity management on Ubuntu workstations
and servers.
authd uses the OAuth Device Authorization Grant and ensures a consistent
and secure login experience across Ubuntu Desktop and Server — whether
through GDM, SSH, or network services like NFS and Samba.
Key Features
* Cloud identity provider Integration: Connects with Microsoft Entra ID
* Secure Login: authd leverages the OAuth Device Authorization Grant RFC
8628-compliant workflows for reliability and security.
* Open-Source: Free and community-driven, with contributions welcomed.
* Enterprise ready: Ubuntu Pro customers will benefit from the same
expanded security and support guarantees.
* authd is free for all Ubuntu Desktop and Server 24.04 LTS users and is
under active development. Explore the official documentation for
installation and configuration steps, or visit the GitHub repository to
contribute or provide feedback.
snap-id: vS3oJLMss6lgWwoFcPqYDUA2HB20I1Dc
channels:
0.x/stable: 0.3.0 2025-06-12 (200) 20MB -
0.x/candidate: 0.3.0+d9de539.43f11a7 2025-07-21 (220) 20MB -
0.x/beta: ^
0.x/edge: 0.3.0+9b4be1a.11fd3c8 2025-08-26 (240) 20MB -
gnome-shell version
gnome-shell:
Installed: 48.0-1ubuntu2.authd3
Candidate: 48.0-1ubuntu2.authd4
Version table:
48.0-1ubuntu2.authd4 500
500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd-edge/ubuntu plucky/main amd64 Packages
*** 48.0-1ubuntu2.authd3 100
100 /var/lib/dpkg/status
48.0-1ubuntu2.authd1 500
500 https://ppa.launchpadcontent.net/ubuntu-enterprise-desktop/authd/ubuntu plucky/main amd64 Packages
48.0-1ubuntu1.1 500
500 http://de.archive.ubuntu.com/ubuntu plucky-updates/main amd64 Packages
48.0-1ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu plucky/main amd64 Packages
46.0-0ubuntu6~24.04.9 500
500 http://de.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
46.0-0ubuntu5 500
500 http://de.archive.ubuntu.com/ubuntu noble/main amd64 Packages
Distribution
Distributor ID: Ubuntu
Description: Ubuntu 25.04
Release: 25.04
Codename: plucky
Logs
[236976.321027] ubuntu authd[207256]: 3820511142-a1980db6-396f-4862-aa41-b1d27c7056da: New auth session for "[email protected]"
[236976.322288] ubuntu authd-google[2372]: Authentication mode "device_auth" is not supported by the UI
[237012.126590] ubuntu gnome-shell[263588]: authd: Cancelling authentication
[237012.252573] ubuntu gnome-shell[263588]: authd: Starting authd protocol
[237012.257306] ubuntu gnome-shell[263588]: authd: Broker selected 3820511142
[237012.278547] ubuntu authd[207256]: 3820511142-babd8af2-c6b1-4f0c-adce-0eb30e6a35bf: New auth session for "[email protected]"
[237012.279559] ubuntu authd-google[2372]: Authentication mode "device_auth" is not supported by the UI
[237012.285992] ubuntu gnome-shell[263588]: authd: Starting challenge request form Enter your local password
[237014.663968] ubuntu authd-google[2372]: IsAuthenticated: granted
[237014.664467] ubuntu authd[207256]: 3820511142-babd8af2-c6b1-4f0c-adce-0eb30e6a35bf: Authentication result: granted
[237014.664490] ubuntu authd[207256]: Updating user "[email protected]"
[237014.664691] ubuntu authd[207256]: User "[email protected]" in database already matches current
[237014.665749] ubuntu gnome-shell[263588]: authd: Access response: granted
[237014.665802] ubuntu authd[207256]: 3820511142-babd8af2-c6b1-4f0c-adce-0eb30e6a35bf: End session "Google"
[237014.713880] ubuntu gdm-authd][889561]: gkr-pam: no password is available for user
[237014.727483] ubuntu gnome-shell[263588]: authd: Cancelling authentication
authd apt history
Start-Date: 2025-08-25 21:24:58
Commandline: apt dist-upgrade
Requested-By: [email protected] (1001)
Upgrade: gnome-shell:amd64 (48.0-1ubuntu2.authd1, 48.0-1ubuntu2.authd3), authd:amd64 (0.5.6+git250718+960+e1d37665~ubuntu25.04.1, 0.5.6+git250814+987+b3a6cc95~ubuntu25.04.1), gnome-shell-common:amd64 (48.0-1ubuntu2.authd1, 48.0-1ubuntu2.authd3), gnome-shell-extension-prefs:amd64 (48.0-1ubuntu2.authd1, 48.0-1ubuntu2.authd3)
End-Date: 2025-08-25 21:25:02
authd broker configuration
/etc/authd/brokers.d/google.conf
# This section is used by authd to identify and communicate with the broker.
# It should not be edited.
[authd]
name = Google
brand_icon = /snap/authd-google/current/broker_icon.png
dbus_name = com.ubuntu.authd.Google
dbus_object = /com/ubuntu/authd/Google
authd-msentraid configuration
cat: /var/snap/authd-msentraid/current/broker.conf: No such file or directory
authd-google configuration
[oidc]
issuer = https://accounts.google.com
client_id = <redacted>
client_secret = <redacted>
## Force remote authentication with the identity provider during login,
## even if a local method (e.g. local password) is used.
## This works by forcing a token refresh during login, which fails if the
## user does not have the necessary permissions in the identity provider.
##
## If set to false (the default), remote authentication with the identity
## provider only happens if there is a working internet connection and
## the provider is reachable during login.
##
## Important: Enabling this option prevents authd users from logging in
## if the identity provider is unreachable (e.g. due to network issues).
#force_provider_authentication = false
[users]
## The directory where the home directories of new users are created.
## Existing users will keep their current home directory.
## The home directories are created in the format <home_base_dir>/<username>
#home_base_dir = /home
## If configured, only users with a suffix in this list are allowed to
## log in via SSH. The suffixes must be separated by comma.
#ssh_allowed_suffixes = @example.com,@anotherexample.com
## 'allowed_users' specifies the users who are permitted to log in after
## successfully authenticating with the Identity Provider.
## Values are separated by commas. Supported values:
## - 'OWNER': Grants access to the user specified in the 'owner' option
## (see below). This is the default.
## - 'ALL': Grants access to all users who successfully authenticate
## with the Identity Provider.
## - <username>: Grants access to specific additional users
## (e.g. [email protected]).
## Example: allowed_users = OWNER,[email protected],[email protected]
#allowed_users = OWNER
## 'owner' specifies the user assigned the owner role. This user is
## permitted to log in if 'OWNER' is included in the 'allowed_users'
## option.
##
## If this option is left unset, the first user to successfully log in
## via this broker will automatically be assigned the owner role. A
## drop-in configuration file will be created in broker.conf.d/ to set
## the 'owner' option.
##
## To disable automatic assignment, you can either:
## 1. Explicitly set this option to an empty value (e.g. owner = "")
## 2. Remove 'OWNER' from the 'allowed_users' option
##
## Example: owner = [email protected]
#owner =
Double check your logs
- I have redacted any sensitive information from the logs