Hi Nicolas,

On Thu, 17 Apr 2025 02:46:13 +0800,
Nicolas Maupu wrote:
>
> Hello !
>
> I enabled fprintd with fprintd and added fprintd-service-type service to my
> configuration.
> This works : I can enroll and verify my fingerprints with success.
>
> However, fingerprints cannot be used to login from GDM, nor from sudo or
> any other authentication tools.
> As far as I understand, this needs some PAM configuration to be added to
> existing config files.
> For example, if I want to be able to use fingerprints to authenticate with
> sudo, I would need to add to /etc/static/pam.d/sudo:
>
> auth sufficient pam_fprintd.so
>
> I came across the "pam-extension" function browsing the guix source code
> but I am not sure on how I can implement that in my system.scm...
>
> Is there a tutorial or an example snippet I can use to achieve that?
>
> Thanks,
> Nicolas

The following service is equivalent to your need:
--8<---------------cut here---------------start------------->8---
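;; pam-entry, pam-service, pam-extension and pam-root-service-type come from
;; (gnu system pam); the fprintd package from (gnu packages freedesktop).
(simple-service 'my-pam-service pam-root-service-type
  (let ((my-pam-entry
         (pam-entry
           (control "sufficient")
           (module (file-append fprintd "/lib/security/pam_fprintd.so")))))
    (list (pam-extension
            (transformer
             (lambda (pam)
               ;; Only touch the "sudo" PAM service; return the others unchanged.
               (if (string=? "sudo" (pam-service-name pam))
                   (pam-service
                     (inherit pam)
                     ;; PAM evaluates entries in order, so the "sufficient"
                     ;; entry goes first: a fingerprint match then succeeds
                     ;; before the existing password entries are consulted.
                     (auth
                      (cons my-pam-entry
                            (pam-service-auth pam))))
                   pam)))))))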
--8<---------------cut here---------------end--------------->8---

 Thanks
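
Where the `sufficient` entry lands in the auth list matters, because PAM evaluates entries in order. The sketch below is an added example, not part of the original thread or of Guix: it uses a simplified model of the four classic control flags, and the one-entry base stack (`pam_unix.so` as `required`) is an assumption standing in for the real sudo stack.

```python
# Simplified model of how PAM walks an auth stack (added illustration).
# Only the classic control flags are modelled; bracketed [value=action]
# controls and "include" lines are out of scope.

def run_auth_stack(stack, outcomes):
    """Return (authenticated, modules_invoked) for a list of (control, module).

    outcomes maps a module name to True (module succeeds) or False (fails).
    """
    invoked = []
    required_failed = False
    any_success = False
    for control, module in stack:
        invoked.append(module)
        ok = outcomes[module]
        if control == "required":
            # A failure is remembered but the rest of the stack still runs.
            if ok:
                any_success = True
            else:
                required_failed = True
        elif control == "requisite":
            # A failure ends the stack immediately.
            if not ok:
                return False, invoked
            any_success = True
        elif control == "sufficient":
            # Success ends the stack early, unless a required entry already failed.
            if ok and not required_failed:
                return True, invoked
        elif control != "optional":
            raise ValueError(f"unsupported control flag: {control}")
    return any_success and not required_failed, invoked

# Constructed stacks: BASE is an assumed stand-in for the stock sudo auth list.
FPRINT = ("sufficient", "pam_fprintd.so")
BASE = [("required", "pam_unix.so")]
APPENDED = BASE + [FPRINT]    # new entry after the existing ones
PREPENDED = [FPRINT] + BASE   # new entry before the existing ones

if __name__ == "__main__":
    # Fingerprint matches, no valid password entered.
    finger_only = {"pam_unix.so": False, "pam_fprintd.so": True}
    for name, stack in (("appended", APPENDED), ("prepended", PREPENDED)):
        print(name, run_auth_stack(stack, finger_only))
```

In this model a fingerprint match authenticates on its own only when the entry is placed first; placed last, the password module is always consulted and a password failure cannot be overridden.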
