#1 2017-07-20 10:30:22

sitwano
Member
Registered: 2017-07-07
Posts: 83

Cannot login after installing fprintd with home encrypted

Hi all, so I've recently installed fprintd on my ThinkPad. I've configured the following files to be able to authenticate using my fingerprint:

/etc/pam.d/sudo
/etc/pam.d/system-local-login

and I added the following line to those files:

auth   sufficient   pam_fprintd.so

Now I've wondered how this would all work for logging in since I've encrypted everything using ecryptfs. After a quick restart I was presented with a login screen where it asked me to swipe my finger. It didn't even allow me to enter my password in the password box. So when I swipe my finger, it attempts to login but brings me back to the login screen.

So then I try to drop into the tty (Ctrl+Alt+F2) and attempt to login there. Again, I'm asked to swipe my finger. This time it logs me in, but gives the following message:

Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'

So I'm not able to access my files until I run ecryptfs-mount-private.

Is this normal behaviour?

Also one more thing, once I run ecryptfs-mount-private, I can drop back to GUI and login normally. Bonus question: How can I make it so that it only asks me for my fingerprint for running commands in the terminal with sudo and not when logging in? I've already tried to remove the line from system-local-login but it still asks me for the fingerprint (although this time it lets me enter my password too when I do this).

Thanks in advance for any suggestions.

Edit: After some investigation, it turns out that it's normal to not be able to login with fingerprint once home is encrypted http://www.thinkwiki.org/wiki/How_to_en … ith_fprint

So with this in mind, how do I disable fingerprint for login without uninstalling fprintd? I still want to use fprintd for other tasks once I am logged in.

I've also found the following file, /etc/pam.d/gdm-fingerprint, which contains the following:
What does this file do? And why does it have the fprintd.so lines in it? I definitely didn't put those in there... commenting out all the fprintd.so lines lets me login without having to enter a password or fingerprint... which is dangerous! So not sure what to do here...

auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
auth     required  pam_shells.so
auth     requisite pam_nologin.so
auth     required  pam_env.so
auth     required  pam_fprintd.so
auth     optional  pam_permit.so

account  include   system-local-login

password required  pam_fprintd.so
password optional  pam_permit.so

session  optional  pam_keyinit.so force revoke
session  include   system-local-login

Last edited by sitwano (2017-07-20 11:26:29)
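
Added example (not part of the original post, and not code from fprintd or Linux-PAM): a small Python audit of a PAM service file's auth stack. It shows why the gdm-fingerprint file quoted above checks no credential once its pam_fprintd.so line is commented out, and why a "sufficient" fingerprint line ends the stack before later auth lines run. The NON_VERIFYING list, the finding strings and the two constructed samples are assumptions made for illustration.

```python
import re

# Assumption: modules that never verify a credential; extend for your system.
NON_VERIFYING = {"pam_permit.so", "pam_env.so", "pam_shells.so",
                 "pam_nologin.so", "pam_tally.so", "pam_keyinit.so"}
DELEGATING = {"include", "substack"}
# type, control (one word or a [bracketed] list), module path
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_stack(text):
    """Return (control, module) for each active, uncommented auth line."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "auth":
            stack.append((m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return stack

def audit(text):
    """Return findings for the auth stack of one PAM service file."""
    stack = auth_stack(text)
    findings = []
    checks = [m for c, m in stack
              if c not in DELEGATING and m not in NON_VERIFYING]
    if not checks and not any(c in DELEGATING for c, _ in stack):
        findings.append("no-credential-check")
    for i, (c, m) in enumerate(stack):
        later = len(stack) - i - 1
        if c == "sufficient" and m not in NON_VERIFYING and later:
            findings.append(f"{m} success skips {later} later auth line(s)")
    return findings

# The gdm-fingerprint auth lines as posted above.
POSTED = """\
auth     required  pam_tally.so onerr=succeed file=/var/log/faillog
auth     required  pam_shells.so
auth     requisite pam_nologin.so
auth     required  pam_env.so
auth     required  pam_fprintd.so
auth     optional  pam_permit.so
"""
# Constructed: the same lines with the pam_fprintd.so auth line commented out.
COMMENTED = POSTED.replace("auth     required  pam_fprintd.so",
                           "#auth     required  pam_fprintd.so")
# Constructed: the line added to system-local-login, ahead of an include.
SUFFICIENT = "auth sufficient pam_fprintd.so\nauth include system-login\n"
if __name__ == "__main__":
    for name in ("POSTED", "COMMENTED", "SUFFICIENT"):
        print(name, audit(globals()[name]))
```

Point audit() at the contents of any file under /etc/pam.d after editing it; an empty list means the auth stack still contains at least one module that is not on the NON_VERIFYING list or delegates to another file.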
