Hi, OK, I still don't know what is wrong. I used fprintd-enroll for enrolling my fingerprint as my normal user as well as root.
Here is my /etc/pam.d/common-auth # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=3 default=ignore] pam_fprint.so auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) auth optional pam_ecryptfs.so unwrap auth optional pam_cap.so # end of pam-auth-update config And here is my /etc/pam.d/sudo #%PAM-1.0 #auth required pam_env.so readenv=1 user_readenv=0 #auth required pam_env.so readenv=1 envfile=/etc/default/#locale user_readenv=0 auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so try_first_pass likeauth nullok auth required pam_deny.so @include common-auth @include common-account @include common-session-noninteractive when I enter sudo something, it asks me for a password. When I leave it blank and press enter, it asks me to scan my finger and then it answers that there is a wrong password. It recognizes my finger prety well, I checked with fprintd-verify. I don't really understand those parameters in /etc/pamd./* so could you please help me? thanks, Vojta Dne 13.9.2013 05:03, Bastien Noc era napsal(a): > Em Thu, 2013-09-12 às 23:43 +0200, Vojtěch Polášek escreveu: >> When using fprintd-enroll, everything works, but when doing sudo, it >> prompts me for a password first and when I just press enter, it says, >> that no fingerpint could be found in the hardware. > Please quote the exact error message (in English as well). Looks like > the PAM stack is badly configured. > >> I tried enrolling with >> pam_fprint_enroll but at the end it exits with data storage failure >> error -1. > You're mixing bits from fprintd (including its pam_fprintd PAM module), > and pam_fprint, which is completely obsolete software. fprintd-enroll is > the correct command for this. > >> And still I am aksed for password first and after then for my fingerprint. >> This is content of my /etc/pam.d/sudo: > I have no idea why your PAM configuration would ask for the password > first, but it's clear that you should look in that direction for solving > the problem. > > Cheers > _______________________________________________ fprint mailing list fprint@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/fprint
