Arch Linux

kaushikgn

Member

Registered: 2020-04-12

Posts: 52

Fingerprint auth requires password on sddm greeter

My system is Thinkpad X1 Carbon 6th gen. Fingerprintreader :

Bus 001 Device 004: ID 06cb:009a Synaptics, Inc. Metallica MIS Touch Fingerprint Reader

Arch kernel 5.8.14-arch1-1. plasma 5.20.0
Fingerprint reader works with python3-valdity  except for resuming from sleep (always asks for password never prompts for fingerprint) and sddm greeter needs password first and then on enter it prompts for fingerprint. What im trying to do is find a fix for the latter (details below). Is this possible with sddm or this is an inherent limitation of sddm and how it invokes/starts pam auth?

/etc/pam.d/sddm config file below. If i uncomment the first line then the fingerprint auth module never gets invoked and login is standard password.With the line commented it loads the fingerprint module after one has entered the correct password (not just enter). So basically there is first password and then fingerprint.Is there a way to avoid the password bit and hit enter to start the fingerprint auth.

#%PAM-1.0
#auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            sufficient      pam_fprintd.so
auth		include		system-login
-auth		optional	pam_gnome_keyring.so
-auth   optional  pam_kwallet5.so

account		include		system-login

password	include		system-login
-password	optional	pam_gnome_keyring.so use_authtok

session		optional	pam_keyinit.so force revoke
session		include		system-login
-session		optional	pam_gnome_keyring.so auto_start
-session  optional  pam_kwallet5.so auto_start

tty login works perfectly with fingerpint. system-local-login config file below

#%PAM-1.0

auth      sufficient pam_fprintd.so
auth      include   system-login
account   include   system-login
password  include   system-login
session   include   system-login

Also KDE lock screen works fine with enter. Config file same as suggested in arch wiki. Works with the first 2 lines like mentioned in the wiki

#auth 			sufficient  	pam_fprintd.so
auth 			sufficient  	pam_unix.so try_first_pass likeauth nullok

Any pointers to what can i look for in journal or other log files that could help.
Many thanks