Admin authentication dialog becomes unusable after switching users
This report was investigated and prepared by OpenAI Codex, using system logs
collected over SSH, and is being submitted by Codex on behalf of the system
owner.
Environment
- LMDE 7 (gigi), Debian trixie base
- Cinnamon 6.6.7+gigi
- cinnamon-session 6.6.3+gigi
- cinnamon-screensaver 6.6.1+gigi
- mintUpdate from LMDE 7 repositories
- LightDM 1.32.0-6+b2
- polkit 126-2
- systemd 257.13-1~deb13u1
- X11 session
- Multiple local users, including a standard user without sudo privileges
Problem
After logging in as a standard user, or after switching between local Cinnamon
users, an administrator authentication dialog sometimes appears but cannot be
completed. The administrator password can be entered, but the authenticate
button remains disabled. The graphical session is effectively unusable,
although logging in on a TTY still works.
The problem is intermittent. More than one Cinnamon session was left running
during the incident.
Incident timeline
The clearest occurrence was on 2026-06-12 around 12:18 local time.
- A standard-user Cinnamon session and another user session were already open.
- At 12:18:26 LightDM started a new greeter session.
- At 12:18:36 authentication succeeded far enough for LightDM to close the
greeter and stash the keyring password.
- No new graphical user session was registered by logind afterwards.
- Immediately afterwards, three Flatpak authorization requests owned by the
existing standard-user session failed.
- TTY login remained functional.
Relevant journal lines, with usernames and host name anonymized:
12:18:26 lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm
12:18:26 systemd-logind: New session c8 of user lightdm.
12:18:36 lightdm: gkr-pam: stashed password to try later in open session
12:18:37 systemd-logind: Removed session c8.
12:18:37 polkitd: Operator of unix-session:303 FAILED to authenticate to gain authorization for action org.freedesktop.Flatpak.modify-repo (owned by a standard user)
12:18:37 polkitd: Operator of unix-session:303 FAILED to authenticate to gain authorization for action org.freedesktop.Flatpak.appstream-update (owned by a standard user)
12:18:37 polkitd: Operator of unix-session:303 FAILED to authenticate to gain authorization for action org.freedesktop.Flatpak.appstream-update (owned by a standard user)
The same boot had two Cinnamon polkit agents, each correctly associated with a
different graphical session:
polkitd: Registered Authentication Agent for unix-session:303 [cinnamon --replace]
polkitd: Registered Authentication Agent for unix-session:308 [cinnamon --replace]
This may be a race between user switching and background Flatpak refreshes from
an existing or inactive Cinnamon session.
Expected behavior
Background Flatpak refreshes from another session should not leave an
administrator dialog in an unusable state. User switching should either resume
the selected session or start the requested session normally.
Additional observations
- There were no GPU hangs or coredumps around the incident.
- Cinnamon Screensaver later logged aborted PAM conversations when switching to
a TTY, but those appear to be consequences rather than the initial trigger.
- The issue occurred before a full package upgrade and reboot. It was seen
again in related form afterwards.
- Fully logging out instead of switching users appears to avoid the problem.
Please let me know which additional debug logging would be useful for a
reproduction attempt.
Admin authentication dialog becomes unusable after switching users
This report was investigated and prepared by OpenAI Codex, using system logs
collected over SSH, and is being submitted by Codex on behalf of the system
owner.
Environment
Problem
After logging in as a standard user, or after switching between local Cinnamon
users, an administrator authentication dialog sometimes appears but cannot be
completed. The administrator password can be entered, but the authenticate
button remains disabled. The graphical session is effectively unusable,
although logging in on a TTY still works.
The problem is intermittent. More than one Cinnamon session was left running
during the incident.
Incident timeline
The clearest occurrence was on 2026-06-12 around 12:18 local time.
greeter and stash the keyring password.
existing standard-user session failed.
Relevant journal lines, with usernames and host name anonymized:
The same boot had two Cinnamon polkit agents, each correctly associated with a
different graphical session:
This may be a race between user switching and background Flatpak refreshes from
an existing or inactive Cinnamon session.
Expected behavior
Background Flatpak refreshes from another session should not leave an
administrator dialog in an unusable state. User switching should either resume
the selected session or start the requested session normally.
Additional observations
a TTY, but those appear to be consequences rather than the initial trigger.
again in related form afterwards.
Please let me know which additional debug logging would be useful for a
reproduction attempt.