Index: gnome-keyring-3.34.0/pam/gkr-pam-module.c =================================================================== --- gnome-keyring-3.34.0.orig/pam/gkr-pam-module.c +++ gnome-keyring-3.34.0/pam/gkr-pam-module.c @@ -874,12 +874,27 @@ pam_sm_authenticate (pam_handle_t *ph, i /* Look up the password */ ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password); if (ret != PAM_SUCCESS || password == NULL) { - if (ret == PAM_SUCCESS) - syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user"); - else - syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user: %s", + if (args & ARG_USE_AUTHTOK) { + if (ret == PAM_SUCCESS) + syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user"); + else + syslog (GKR_LOG_WARN, "gkr-pam: no password is available for user: %s", + pam_strerror (ph, ret)); + return PAM_SUCCESS; + } + + ret = prompt_password (ph); + if (ret != PAM_SUCCESS) { + syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s", pam_strerror (ph, ret)); - return PAM_SUCCESS; + return PAM_AUTH_ERR; + } + ret = pam_get_item (ph, PAM_AUTHTOK, (const void**)&password); + if (ret != PAM_SUCCESS || password == NULL) { + syslog (GKR_LOG_ERR, "gkr-pam: couldn't get the password from user: %s", + ret == PAM_SUCCESS ? "password was null" : pam_strerror (ph, ret)); + return PAM_AUTH_ERR; + } } ret = unlock_keyring (ph, pwd, password, &need_daemon);