Hi all, so I've recently installed fprintd on my ThinkPad. I've configured the following files to be able to authenticate using my fingerprint:
/etc/pam.d/sudo
/etc/pam.d/system-local-login
and I added the following line to those files:
auth sufficient pam_fprintd.so
Now I've wondered how this would all work for logging in since I've encrypted everything using ecryptfs. After a quick restart I was presented with a login screen where it asked me to swipe my finger. It didn't even allow me to enter my password in the password box. So when I swipe my finger, it attempts to log in but brings me back to the login screen.
So then I try to drop into the tty (Ctrl+Alt+F2) and attempt to log in there. Again, I'm asked to swipe my finger. This time it logs me in, but gives the following message:
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
So I'm not able to access my files until I run ecryptfs-mount-private.
Is this normal behaviour?
Also one more thing, once I run ecryptfs-mount-private, I can drop back to the GUI and log in normally. Bonus question: How can I make it so that it only asks me for my fingerprint for running commands in the terminal with sudo and not when logging in? I've already tried to remove the line from system-local-login but it still asks me for the fingerprint (although this time it lets me enter my password too when I do this).
Thanks in advance for any suggestions.
edit: After some investigation, it turns out that it's normal to not be able to log in with fingerprint once home is encrypted http://www.thinkwiki.org/wiki/How_to_en … ith_fprint
So with this in mind, how do I disable fingerprint for login without uninstalling fprintd? I still want to use fprintd for other tasks once I am logged in.
I've also found the following file, /etc/pam.d/gdm-fingerprint, which contains the following:
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_fprintd.so
auth optional pam_permit.so
account include system-local-login
password required pam_fprintd.so
password optional pam_permit.so
session optional pam_keyinit.so force revoke
session include system-local-login
What does this file do? And why does it have the fprintd.so lines in it? I definitely didn't put those in there... commenting out all the fprintd.so lines lets me log in without having to enter a password or fingerprint... which is dangerous! So not sure what to do here...
Last edited by sitwano (2017-07-20 11:26:29)
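Added example, not part of the original post: a small Python check that parses a PAM service file and reports whether its auth stack still contains an enforced credential check, run here on the gdm-fingerprint contents quoted above with and without the pam_fprintd.so lines. The function names and the CREDENTIAL_MODULES set are assumptions made for this illustration.

```python
import re

# Assumption: modules counted as verifying a credential; extend for your system.
CREDENTIAL_MODULES = {"pam_unix.so", "pam_fprintd.so"}
# Only these controls make a module's failure fail the stack; a failing
# "sufficient" or "optional" module is ignored (see pam.conf(5)).
ENFORCING = {"required", "requisite"}
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# The gdm-fingerprint contents quoted in the post.
GDM_FINGERPRINT = """\
auth required pam_tally.so onerr=succeed file=/var/log/faillog
auth required pam_shells.so
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_fprintd.so
auth optional pam_permit.so
account include system-local-login
password required pam_fprintd.so
password optional pam_permit.so
session optional pam_keyinit.so force revoke
session include system-local-login
"""

def active_entries(text, mgmt="auth"):
    """Yield (control, module) for uncommented lines of one management group."""
    for raw in text.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == mgmt:
            yield m.group(2), m.group(3).rsplit("/", 1)[-1]

def audit_auth(text):
    """Return (verdict, enforcing credential modules, unresolved includes)."""
    entries = list(active_entries(text))
    includes = [mod for ctl, mod in entries if ctl in ("include", "substack")]
    checks = [mod for ctl, mod in entries
              if ctl in ENFORCING and mod in CREDENTIAL_MODULES]
    verdict = "ok" if checks else "unresolved" if includes else "no-credential-check"
    return verdict, checks, includes

def comment_out(text, module):
    """Simulate the edit described in the post: comment out lines using module."""
    return "\n".join("#" + l if module in l else l for l in text.splitlines())

if __name__ == "__main__":
    print(audit_auth(GDM_FINGERPRINT))
    print(audit_auth(comment_out(GDM_FINGERPRINT, "pam_fprintd.so")))
```

With the pam_fprintd.so lines commented out, the remaining auth modules (pam_tally, pam_shells, pam_nologin, pam_env, pam_permit) check no credential at all, which matches the passwordless login observed in the post. An "unresolved" verdict means the stack pulls in other files through include, and those need the same audit.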