[RESPONDED] Fingerprint sensor breaks SDDM on kubuntu

After setting up the fingerprint sensor up in kubuntu 23.04 it works flawlessly apart from the fact that i cannot login through sddm after rebooting the system. This ruins the fingerprint scanner feature as i need to switch to tty2 and remove the fingerprint and re-enroll it every time I turn the laptop off.

I have found a temporary solution of automatically logging in and using a script to force the kde plasma screensaver that requires login.

Hi @SirChipalot
From what I understand, this is an issue with SDDM, it does not support login with fingerprint with the current release version 0.19.0 at login.

If you do want to make it work, read through [RESPONDED] Fingerprint scanner compatibility with linux (ubuntu, fedora, etc)

I have seen people mention scripts and other workarounds.
I have not personally tried any of them, I don’t use the fingerprint at all.

1 Like

Yep, this is basically a part of it.

@SirChipalot Also we actively have what we are supporting on the landing page.

You just need to add

auth sufficient pam_fprintd.so

to the top of /etc/pam.d/common-auth

Do not run pam-auth-update

This will require fingerprint for sudo, and login at SDDM (sometimes it seems you press enter first to accept a blank password).

1 Like

I upgraded to 23.10. I tried both adding

auth sufficient pam_fprintd.so

and running pam-auth-update.

Adding the suggested line worked, but I couldn’t use my password any more with sudo or to login. With pam-auth-update I could use my password after 10 seconds. It appears that the fingerprint reader would block other means of auth for 10 seconds before trying other means of identification.

Neither of these are great. I would like to be able to auth with either my password or my finger.

Here is what pam-auth-update put into my common-auth file:

auth  [success=2 default=ignore]      pam_fprintd.so max-tries=1 timeout=10 # debug
auth  [success=1 default=ignore]      pam_unix.so nullok try_first_pass

I see the 10 second timeout and it looks like the unix login is trying to run, but is seems like it is blocked by the fprintd. Is there a way to make them run in parallel?

I’m not sure why you’d want to use a lower security method like password, if biometric is available.

Regardless, I don’t think PAM can ask two questions at once.