Jump to content

Fingerprint scanner: Difference between revisions

From Official NixOS Wiki
← Older edit
QuBe (talk | contribs)
8 edits
VisualWikitext
Frontear (talk | contribs)
29 edits
don't encourage enabling fprintd service at boot, this goes against upstream wishes and can lead to possible hardware damage, as many fingerprint scanners are not intended to remain "active" for a long time. it is more appropriate for the service to activate via dbus when it is needed, to greatly reduce this risk.
QuBe (talk | contribs)
8 edits
Add setup instructions for KDE Plasma
Tags: Mobile edit Mobile web edit
 
(One intermediate revision by one other user not shown)
Line 2: Line 2:


== Install ==
== Install ==
<syntaxhighlight lang="nixos">
{{File|3={ config, lib, pkgs, ... }: {
# configuration.nix
{ config, lib, pkgs, ... }: {
  # ...


   # Install the driver
   # Install the driver
Line 21: Line 18:
   #  libfprint = pkgs.libfprint-focaltech-2808-a658;
   #  libfprint = pkgs.libfprint-focaltech-2808-a658;
   # };
   # };
}
}|name=/etc/nixos/configuration.nix|lang=nix}}
</syntaxhighlight>


== Enroll fingerprint ==
== Enroll fingerprint ==
Line 38: Line 34:


'''Note:''' If the ''Fingerprint Login'' item is not available, the <code>fprintd</code> driver might not be configured correctly.
'''Note:''' If the ''Fingerprint Login'' item is not available, the <code>fprintd</code> driver might not be configured correctly.
=== KDE Plasma ===
In [[KDE|KDE Plasma]], the fingerprints can be configured through the Settings application.
# Open System Monitor
# On the menu on the left, scroll down to ''Users'' and enter it
# Select your user
# Enter ''Configure Fingerprint Authentication'' and follow the instructions to add your fingerprints
'''Note:''' If the ''Configure Fingerprint Authentication'' item is not available, the <code>fprintd</code> driver might not be configured correctly.


== Login ==
== Login ==

Latest revision as of 21:44, 24 March 2026

Fingerprint scanners (on laptop computers) can be used to unlock devices instead of using passwords.

Install

❄︎ /etc/nixos/configuration.nix
{ config, lib, pkgs, ... }: {

  # Install the driver
  services.fprintd.enable = true;
  # If simply enabling fprintd is not enough, try enabling fprintd.tod...
  services.fprintd.tod.enable = true;
  # ...and use one of the next four drivers
  services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # Goodix driver module
  # services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan; # Elan(04f3:0c4b) driver
  # services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # (Marked as broken as of 2025/04/23!) driver for 2016 ThinkPads
  # services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo)

  # however for focaltech 2808:a658, use fprintd with overidden package (without tod)
  # services.fprintd.package = pkgs.fprintd.override {
  #   libfprint = pkgs.libfprint-focaltech-2808-a658;
  # };
}

Enroll fingerprint

Fingerprint enrollment can be done via the CLI or the UI in the Desktop Environment if available.

CLI

$ fprintd-enroll

Gnome

In Gnome, the the fingerprints can be configured through the Settings application.

  1. Open Gnome Settings
  2. Scroll down to System
  3. Enter the Users menu
  4. Enter Fingerprint Login and add fingerprints

Note: If the Fingerprint Login item is not available, the fprintd driver might not be configured correctly.

KDE Plasma

In KDE Plasma, the fingerprints can be configured through the Settings application.

  1. Open System Monitor
  2. On the menu on the left, scroll down to Users and enter it
  3. Select your user
  4. Enter Configure Fingerprint Authentication and follow the instructions to add your fingerprints

Note: If the Configure Fingerprint Authentication item is not available, the fprintd driver might not be configured correctly.

Login

While services.fprintd.enable = true; enables fingerprint login for the majority of display manager via the corresponding PAM module, it can sometimes disable the ability to login using a password. This is addressed in the GitHub issue 171136. In that issue, a possible workaround is addressed using a custom PAM module for the gnome display manager:

security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
  text = ''
    auth       required                    pam_shells.so
    auth       requisite                   pam_nologin.so
    auth       requisite                   pam_faillock.so      preauth
    auth       required                    ${pkgs.fprintd}/lib/security/pam_fprintd.so
    auth       optional                    pam_permit.so
    auth       required                    pam_env.so
    auth       [success=ok default=1]      ${pkgs.gdm}/lib/security/pam_gdm.so
    auth       optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so

    account    include                     login

    password   required                    pam_deny.so

    session    include                     login
    session    optional                    ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
  '';
};
Retrieved from "https://wiki.nixos.org/w/index.php?title=Fingerprint_scanner&oldid=30941"