[systemd-devel] Antw: [EXT] Re: Disallowing fingerprint authentication if pam_systemd_home.so needs a password
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Tue Apr 26 06:41:39 UTC 2022
>>> juice <juice at swagman.org> schrieb am 25.04.2022 um 17:03 in Nachricht
<4CBF03CA-7A0A-4DBE-AD00-C6F3938FFB55 at swagman.org>:
>
> 25. huhtikuuta 2022 16.39.56 GMT+03:00 Benjamin Berg
><benjamin at sipsolutions.net> kirjoitti:
>>On Mon, 2022-04-25 at 13:28 +0200, Lennart Poettering wrote:
>>>
>>> Hmm, not sure I follow? I don't know how fingerprint flow of control
>>> is. Is this about authentication-by-fingerprint? Or already about
>>> user-selection-by-fingerprint?
>>
>>I was just thinking of authentication-by-fingerprint. Though I don't
>>think it makes a big difference here.
>>
>
> Using fingerprint for *authentication* is totally broken concept which
> should never be allowed.
Why? Is a PIN any better?
> Fingerprints are *userid*, never *password*.
>
> We leave our fingerprints lying around all the time, and given malicious
> enough adversaries they might as well take our fingers too. (I sure would
> like to avoid that possibility!!)
So you are saying users leave themselves lying around everywhere? ;-)
>
> Fingerprints can be used on place of username, that is OK and does not
> present similar risks.
Fingerprints are mote than a userid IMHO.
>
> - Juice -
More information about the systemd-devel
mailing list