[opensuse-support] authentication via fingerprint-reader
Hi, I'm playing with the fingerprint-reader for login authentication (Tumbleweed/ KDE). The fingerprint-reader is working properly and I have enrolled and verified some fingerprints. Question now how to incorporate this into the pam properly? As https://en.opensuse.org/SDB:Using_fingerprint_authentication is quite outdated I followed https://wiki.archlinux.org/index.php/SDDM#Using_a_fingerprint_reader and added auth sufficient pam_fprintd.so to /etc/pam.d/sddm, which afterwards looks like: #%PAM-1.0 auth sufficient pam_fprintd.so auth include common-auth account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_keyinit.so revoke force Result: At the login-screen I enter the password, and afterwards the login freezes. Putting the finter on the reader does not help. Hitting 'Enter' on an empty password field neither. I have never worked with pam, so thats completely a blackbox for me. Any thint is appreciated! Thanks Axel -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
Op vrijdag 15 mei 2020 15:00:39 CEST schreef Axel Braun:
Hi,
I'm playing with the fingerprint-reader for login authentication (Tumbleweed/ KDE).
The fingerprint-reader is working properly and I have enrolled and verified some fingerprints. Question now how to incorporate this into the pam properly?
As https://en.opensuse.org/SDB:Using_fingerprint_authentication is quite outdated I followed https://wiki.archlinux.org/index.php/SDDM#Using_a_fingerprint_reader and added auth sufficient pam_fprintd.so to /etc/pam.d/sddm, which afterwards looks like:
#%PAM-1.0 auth sufficient pam_fprintd.so auth include common-auth account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_keyinit.so revoke force
Result: At the login-screen I enter the password, and afterwards the login freezes. Putting the finter on the reader does not help. Hitting 'Enter' on an empty password field neither.
I have never worked with pam, so thats completely a blackbox for me.
Any thint is appreciated! Thanks Axel Maybe this helps, Axel: https://forums.opensuse.org/showthread.php/540092-Login-with-keyboard-with-f...
-- Gertjan Lettink a.k.a. Knurpht openSUSE Forums Team -- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
15.05.2020 16:00, Axel Braun пишет:
Hi,
I'm playing with the fingerprint-reader for login authentication (Tumbleweed/ KDE).
The fingerprint-reader is working properly and I have enrolled and verified some fingerprints. Question now how to incorporate this into the pam properly?
As https://en.opensuse.org/SDB:Using_fingerprint_authentication is quite outdated I followed https://wiki.archlinux.org/index.php/SDDM#Using_a_fingerprint_reader and added auth sufficient pam_fprintd.so to /etc/pam.d/sddm, which afterwards looks like:
#%PAM-1.0 auth sufficient pam_fprintd.so auth include common-auth account include common-account password include common-password session required pam_loginuid.so session include common-session session optional pam_keyinit.so revoke force
Result: At the login-screen I enter the password, and afterwards the login freezes. Putting the finter on the reader does not help. Hitting 'Enter' on an empty password field neither.
As I explained in forum thread mentioned, PAM calls each module sequentially which means pam_fprintd is always called first. It does not matter what you enter as password as this is not going to be used until control reaches another module which happens only if pam_fprintd fails. Which is more or less what link above means under "logging in with only a password no longer works using this method". Do you see any prompt to authenticate using fingerprint? pam_fprintd should prompt user but it depends entirely on application whether it displays these prompts. Does it work with text based programs like su or sudo?
I have never worked with pam, so thats completely a blackbox for me.
Any thint is appreciated! Thanks Axel
-- To unsubscribe, e-mail: opensuse-support+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-support+owner@opensuse.org
participants (3)
-
Andrei Borzenkov
-
Axel Braun
-
Knurpht-openSUSE