Bug 1827469

Summary: Can not enter password at login after screen lock (with /usr/lib/systemd/user/vncserver@.service)
Product: Red Hat Enterprise Linux 8 Reporter: Lili Huang <lilhuang>
Component: tigervncAssignee: Jan Grulich <jgrulich>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.1CC: mkrajnak, smitterl, tpelka
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: 8.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-11-04 03:00:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lili Huang 2020-04-24 03:01:33 UTC 
Description of problem:
Can not enter password at gnome login screen after screen lock via a vnc session.
”Authentication error” shows up under the password input box.

Version-Release number of selected component (if applicable):
tigervnc-1.9.0-15.el8_1.x86_64
tigervnc-server-1.9.0-15.el8_1.x86_64

How reproducible:
Always

Steps to Reproduce:
Follow the procedure provided by /usr/lib/systemd/user/vncserver@.service.
Also referring below KCS knowledge.
How to configure VNC Server in Red Hat Enterprise Linux 8?
https://access.redhat.com/solutions/4201371

~~~~~~
ssh to the vnc server with a vnc user account. 
(disable selinux and firewalld for test, use "Standard (X11 display server) on Xorg" instead of default "Wayland display server")
1. $ mkdir -p ~/.config/systemd/user
2. $ cp /usr/lib/systemd/user/vncserver@.service ~/.config/systemd/user/
3. $ systemctl --user daemon-reload
4. $ vncpasswd
5. $ systemctl --user enable vncserver@:<display No.>.service --now
6. $ loginctl enable-linger
~~~~~~
 
Actual results:
When launch a vnc session on a vnc client, ”Authentication error” message shows up under the password input box, and you are not able to input the password.
Sometimes right after the configuration or after a reboot, you may able to login to the gnome desktop, but after a screen lock, the above issue occurs.

Expected results:
User can login to the gnome desktop correctly via a vnc session after a screen lock.


Additional info:
As a vnc user, ssh to the vnc server, do $ vncserver -kill :<display No. of user session> and then $ vncserver :<display No.> can somehow be a workaround. The issue won't show up again until the next OS reboot.
Comment 1 Jan Grulich 2020-04-24 05:23:52 UTC 
This is only a case with a user systemd service file, if you install the system systemd service file, which uses vncserver_wrapper script (this has been added quite recently as well), then you should be able to login.
Comment 2 Lili Huang 2020-04-24 06:25:58 UTC 
Yes, I have confirmed that vncserver_wrapper script(/usr/lib/systemd/system/vncserver@.service) works fine.  But /usr/lib/systemd/user/vncserver@.service provides a way for non-root users to configure the vnc service. 
It should be optional for customers to use the user systemd service file comparing with the vncserver_wrapper.
Comment 3 Jan Grulich 2020-04-24 08:26:08 UTC 
The vncserver_wrapper script is used to workaround systemd issues/limitations for the system service, with the user systemd service you don't need anything like that and actually the reason why it fails to unlock is that it's not fully initialized session with PAM etc. Tigervnc upstream now has a proper systemd support and we will try to bring it to RHEL 8, it should fix all the issues users have when using tigervnc over systemd.
Comment 7 Martin Krajnak 2020-05-19 13:35:02 UTC 
The lockscreen works as expected with new rebased version:

tigervnc-1.10.1-1.el8.x86_64
Comment 10 errata-xmlrpc 2020-11-04 03:00:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (tigervnc bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4683