I can reproduce this bug.  If the user fails to enter the root password when trying to start configure, then it should go back to asking username/password rather than trying to continue asking for the root password.  The user should need to reselect "Configure GDM" in order to try again.

The code that is broken is probably in the if (do_configurator) block in gdm_slave_wait_for_login.  It looks like the code is trying to call GDM_RESET on failed password, which I'd think would cause the loop to continue and try to restart the PAM conversation.

Perhaps this code is not properly handling the situation of failed password, or we are causing the username to get cached in PAM and we aren't clearing it?

Could you share debug output maybe this will help clarify the path the code is failling into?

I dug into this some more, and I fixed the problem.  The issue is that the gdm_verify_user function in daemon/verify-pam.c has some special logic so that if you pass in the username it will allow you to retry to enter the password 3 times.  This is intended to be used only by the face browser so that if you select a user there, it will ask for the password 3 times before failing and going back to "Username".  However, when we try to start the configurator, we also pass in the root username, and the way daemon/slave.c is written, on the 2nd try it goes back to the call for login rather than knowing to try to start the configurator again.

So I fixed it so that you can disable this feature and when running the configurator, I tell gdm_verify_user to not use this feature...fixing the problem.  This way it only asks for the password once for the configurator.  

Fixed in 2.18 and SVN head.  This was introduced into 2.18 when Ludwig Nussel rewrote the PAM code for 2.18 to make it more generic.