You are not logged in.

#1 2022-06-30 15:05:37

logothete
Member
Registered: 2022-01-06
Posts: 44

fprintd-verify fails; enabling fingerprint blocks use of password

I use SDDM as the login manager for KDE (also forGNOME); I'm trying to use my built-in fingerprint scanner as an alternative to password when logging in at startup or from lock screen.

Here's the device:

lsusb | grep Elan
Bus 003 Device 003: ID 04f3:0c4c Elan Microelectronics Corp. ELAN:ARM-M4

Here's what's installed:

pacman -Q | grep fprint
fprintd 1.94.2-1
libfprint-elanmoc2-git 1.94.0+10+gd348f17-1
pam-fprint-grosshack 0.2.0-1

And here's whats at the top of /etc/pam.d/system-login in line with what the wiki seems to instruct:

#%PAM-1.0

auth       sufficient pam_fprintd_grosshack.so
auth       sufficient pam_unix.so try_first_pass likeauth nullok
auth       sufficient pam_fprintd.so

I can successfully enroll my fingerprint:

fprintd-enroll "$USER"
Using device /net/reactivated/Fprint/Device/0
Enrolling right-index-finger finger.
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-stage-passed
Enroll result: enroll-completed

Where I must continuously tap the finger until some timer goes out, lest I get an error.

Unfortunately, I cannot ever verify it:

fprintd-verify "$USER"
Using device /net/reactivated/Fprint/Device/0
Listing enrolled fingers:
 - #0: right-index-finger
Verify started!
Verifying: right-index-finger
Verify result: verify-no-match (done)

To make matters worse, if I have a fingerprint enrolled, I cannot login or unlock the device; entering my password just kicks me right back to the login screen, and the fingerprint, of course, fails. The only way to rectify this is to log back in as root or some other user, and delete the fingerprint, at which point I can login like normal as my usual user.

I think the two issues are coupled in some way; that is, I suspect that if the fingerprint was verifiable, the password would work. That, or I've screwed the pam file up.

Any clues would be very welcome!

Offline

Board footer

Powered by FluxBB