[arch-general] Anyone using fprint for authentication ?

[Thomas Bächler]

Alper KANAT schrieb:
> Hey There,
> 
> I want to use my fingerprint scanner to login through GDM and GNOME 
> Screensaver... I can do this right now partially... It always asks for 
> my password which is maybe secure but annoying at the same time..
> 
> I want to use fingerprint login first and if it fails then I want to use 
> password login..
> 
> Any ideas for how to do this ?
> 
> I'm trying this in GNOME Screensaver but it asks for the password 
> whenever I slide my finger on the scanner..
> 

There are some shortcomings in PAM and the way it is handled in login 
managers. Here is the setup I had with kde (/etc/pam.d/kde):

auth       required     pam_nologin.so
auth       sufficient   pam_unix.so
auth       sufficient   pam_fprint.so
auth       required     pam_deny.so
account    required     pam_unix.so
password   required     pam_unix.so
session    required     pam_unix.so
session    required     pam_limits.so

This is all re-done from memory, as I lost the file (don't forget to put 
it in NoUpgrade). What happens is the following: If I enter a correct 
password, then no fingerprint is required. If I enter a wrong password 
(or none, which I did most of the time), it tries to get my fingerprint.

IMO, this is the best compromise, as kdm asks for a password anyway and 
only scans the finger after I hit enter, so checking the password first 
makes sense.

I guess you can make a similar setup work with gdm. Making kde not ask 
for a password at all is not possible though.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://archlinux.org/pipermail/arch-general/attachments/20080301/6c422943/attachment.pgp>