[fprint] New ubuntu user

Vojtěch Polášek krecoun at gmail.com
Wed Oct 23 12:28:41 PDT 2013 

Hi,
OK, I still don't know what is wrong.
I used fprintd-enroll for enrolling my fingerprint as my normal user as
well as root.

Here is my /etc/pam.d/common-auth
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth    [success=3 default=ignore]    pam_fprint.so
auth    [success=2 default=ignore]    pam_unix.so nullok_secure
try_first_pass
auth    [success=1 default=ignore]    pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth    requisite            pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional    pam_ecryptfs.so unwrap
auth    optional            pam_cap.so
# end of pam-auth-update config

And here is my /etc/pam.d/sudo
#%PAM-1.0

#auth       required   pam_env.so readenv=1 user_readenv=0
#auth       required   pam_env.so readenv=1 envfile=/etc/default/#locale
user_readenv=0
auth       required pam_env.so
auth       sufficient   pam_fprintd.so
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
auth       required pam_deny.so
@include common-auth
@include common-account
@include common-session-noninteractive

when I enter sudo something, it asks me for a password. When I leave it
blank and press enter, it asks me to scan my finger and then it answers
that there is a wrong password. It recognizes my finger prety well, I
checked with fprintd-verify.
I don't really understand those parameters in /etc/pamd./* so could you
please help me?
thanks,
Vojta
   

Dne 13.9.2013 05:03, Bastien Noc
era napsal(a):
> Em Thu, 2013-09-12 às 23:43 +0200, Vojtěch Polášek escreveu:
>> When using fprintd-enroll, everything works, but when doing sudo, it
>> prompts me for a password first and when I just press enter, it says,
>> that no fingerpint could be found in the hardware.
> Please quote the exact error message (in English as well). Looks like
> the PAM stack is badly configured.
>
>> I tried enrolling with
>> pam_fprint_enroll but at the end it exits with data storage failure
>> error -1.
> You're mixing bits from fprintd (including its pam_fprintd PAM module),
> and pam_fprint, which is completely obsolete software. fprintd-enroll is
> the correct command for this.
>
>> And still I am aksed for password first and after then for my fingerprint.
>> This is content of my /etc/pam.d/sudo:
> I have no idea why your PAM configuration would ask for the password
> first, but it's clear that you should look in that direction for solving
> the problem.
>
> Cheers
>

More information about the fprint mailing list