[fprint] 5 enrolls --> does 6 and breaks with error -22
Vasily Khoruzhick
anarsoul at gmail.com
Sun Jun 17 08:13:19 PDT 2012
Hi, Jonas
On Sun, Jun 17, 2012 at 4:52 PM, Jonas Jelten <jelten at in.tum.de> wrote:
> You have to use fprintd and for pam pam_fprintd.so.
>
> This works for me (X220t) but does have some 'features' you might not
> want to have.
>
> e.g. you cannot stop the fprintd authentication with ^C and fallback to
> password, you have to wait for the (unconfigurable) timeout (very
> annoying over ssh).
>
> also, you can store your fingerprint with the fprintd-enroll command,
> but this does not need a password. This means: ANYONE can just store HIS
> fingerprint under your account by opening a terminal with
> fprintd-enroll, and then execute sudo or whatever pam-auth program.
>
> -> we should require the user's password to update the users fingerprint.
Hey, root can do everything and with sudo you're providing root
privileges to the process
you're invoking.
Regards
Vasily
More information about the fprint
mailing list