[GUIDE/SOLVED] Sudo and Login with Fingerprint Reader under KDE/Arch Linux

Hi, I managed get login and sudo to work with the fingerprint reader under KDE, Arch Linux.

What I was trying now under Arch Linux

I can enroll my fingerprint using the KDE system settings, it seems to work fine.
I checked that fprintd is installed (if not, install it pacman -S fprintd)

pacman -Qi fprintd

I enrolled my fingerprint again using fprintd-enroll.
I edited /etc/pam.d/login,sudo and kde so that they now look like this (eg. use sudo vim)

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    include      system-local-login
password   include      system-local-login
➜  ~ cat /etc/pam.d/sudo
#%PAM-1.0
auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            sufficient      pam_fprintd.so
auth		include		system-auth
account		include		system-auth
session		include		system-auth
➜  ~ cat /etc/pam.d/kde
#%PAM-1.0
auth            sufficient      pam_unix.so try_first_pass likeauth nullok
auth            sufficient      pam_fprintd.so
auth            include         system-login

account         include         system-login

password        include         system-login

session         include         system-login

restart your system and consider making a full upgrade. Fingerprint works for unlocking the screen (not for login, when starting the system) and sudo, to do it when prompted for the sudo password press enter and then you will get asked for the fingerprint like this

➜  ~ sudo echo test
[sudo] password for ******:
Place your finger on the fingerprint reader
test

for unlock: press enter and then you get asked for fingerprint.

Let me know if this worked on your system :smiley:

3 Likes

I had it all set up at one point, but have since reverted to password based login. I could not achieve a “fingerprint or password, whichever comes first” setup. Depending on whether I was docked to my desk fp might be more convenient, or password might be significantly more convenient. In fact, I ran into situations where PAM would only proceed using a FP, even after correctly applying a password at a prompt.

So, yes, it is possible under Arch, but I’ve since trashed my recipe for it so cannot give you the exact steps.

1 Like

While I don’t officially support Arch, we test against GNOME on Fedora 38 and Ubuntu 22.04.3.
I don’t have anything to add outside of what D.H shared, so I’m just following this thread.

pam-fprint-grosshackAUR might be what you are looking for.

It is mentioned in the fprint page in the Arch Wiki

2 Likes