How to setup PAM fprint grosshack with GDM?

giuseppe998e · 2024-06-07 06:47:58

I was following the login configurations of fprint - ArchWiki, and I wanted to use pam-fprint-grosshack with GDM.
I couldn't find any information about it, because the wiki says at the beginning of the section:

If you use GDM, the fingerprint-option is already available in the login menu (if not add yourself to the input user group). You can skip this section!

So I tried it myself and came to this conclusion, which indeed, works:

#%PAM-1.0

auth       required                    pam_shells.so
auth       requisite                   pam_nologin.so
auth       requisite                   pam_faillock.so    preauth

#auth       required                    pam_fprintd.so
auth       sufficient                  pam_fprintd_grosshack.so
auth       sufficient                  pam_unix.so    try_first_pass    nullok

auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       [success=ok default=1]      pam_gdm.so
auth       optional                    pam_gnome_keyring.so

account    include                     system-local-login

password   required                    pam_deny.so

session    include                     system-local-login
session    optional                    pam_gnome_keyring.so    auto_start

My question at this point is, written this way, have I compromised the security of GDM in any way?
I have never written a PAM configuration before.

Arch Linux

#1 2024-06-07 06:47:58

How to setup PAM fprint grosshack with GDM?

Board footer