On Sun, 2012-06-17 at 15:52 +0200, Jonas Jelten wrote: > You have to use fprintd and for pam pam_fprintd.so. > > This works for me (X220t) but does have some 'features' you might not > want to have. > > e.g. you cannot stop the fprintd authentication with ^C and fallback to > password, you have to wait for the (unconfigurable) timeout (very > annoying over ssh).
It's not supposed to query for a fingerprint over ssh. That'd be a bug. > also, you can store your fingerprint with the fprintd-enroll command, > but this does not need a password. This means: ANYONE can just store HIS > fingerprint under your account by opening a terminal with > fprintd-enroll, and then execute sudo or whatever pam-auth program. Anyone can copy their SSH key into your authorized keys too. > -> we should require the user's password to update the users fingerprint. > > next, you can only enroll the index finger on pam-password-prompt, no > config option here as well. That's because fprintd-enroll is a test tool, not a command-line interface for fingerprint management. You can enhance fprintd-enroll, write your own D-Bus client to do all that, or use GNOME's User Accounts panel to add a finger other than the index finger. > at last, i cant find a manpage about /etc/fprintd.conf, what are > possible config options? > > > and no, i don't want to use the fprint-gui. Not sure what that is, but the only guys there are for fprintd management are GNOME and KDE's panels. At least that I know of. Cheers _______________________________________________ fprint mailing list fprint@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/fprint
