Bug ID 900836
Summary GNOME lock screen unlocks without password if fprintd is installed
Classification openSUSE
Product openSUSE Factory
Version 201410*
Hardware Other
OS Other
Status NEW
Severity Major
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter rbrown@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

Using the latest openSUSE Factory snapshot (also present in openSUSE 13.2 RC1)
GNOME automatically unlocks if fprintd is present

The user never gets asked for a password
The user never has an opportunity to enter their fingerprint

journal shows fprintd starting each time the lock screen is activated, but no
errors or warnings to imply it's misbehaving

Removing fprintd 'resolves' the issue but disables fingerprint authentication

Current theories to resolve this include -
Using the same gdm-fingerprint pam configuration as Fedora
https://git.gnome.org/browse/gdm/tree/data/pam-redhat/gdm-fingerprint.pam

Enabling split-authentication in the gdm package (currently being built in my
OBS home)

You are receiving this mail because: