Fingerprint scanner: Difference between revisions
Add a section about how to configure fingerprint login like in other distros |
m Add gnome pre-text |
||
(One intermediate revision by the same user not shown) | |||
Line 22: | Line 22: | ||
== Enroll fingerprint == | == Enroll fingerprint == | ||
Fingerprint enrollment can be done via the [[Command Shell|CLI]] or the UI in the Desktop Environment if available. | |||
=== CLI === | |||
<syntaxhighlight lang="bash">$ sudo fprintd-enroll</syntaxhighlight> | |||
=== Gnome === | |||
In [[GNOME|Gnome]], the the fingerprints can be configured through the Settings application. | |||
# Open Gnome Settings | |||
# Scroll down to ''System'' | |||
# Enter the ''Users'' menu | |||
# Enter ''Fingerprint Login'' and add fingerprints | |||
'''Note:''' If the ''Fingerprint Login'' item is not available, the <code>fprintd</code> driver might not be configured correctly. | |||
== Login == | == Login == |
Latest revision as of 19:08, 16 December 2024
Fingerprint scanners (on laptop computers) can be used to unlock devices instead of using passwords.
Install
# Start the driver at boot
systemd.services.fprintd = {
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "simple";
};
# Install the driver
services.fprintd.enable = true;
# If simply enabling fprintd is not enough, try enabling fprintd.tod...
services.fprintd.tod.enable = true;
# ...and use one of the next four drivers
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # Goodix driver module
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan # Elan(04f3:0c4b) driver
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # driver for 2016 ThinkPads
# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a # Goodix 550a driver (from Lenovo)
Enroll fingerprint
Fingerprint enrollment can be done via the CLI or the UI in the Desktop Environment if available.
CLI
$ sudo fprintd-enroll
Gnome
In Gnome, the the fingerprints can be configured through the Settings application.
- Open Gnome Settings
- Scroll down to System
- Enter the Users menu
- Enter Fingerprint Login and add fingerprints
Note: If the Fingerprint Login item is not available, the fprintd
driver might not be configured correctly.
Login
While services.fprintd.enable = true;
enables fingerprint login for the majority of display manager via the corresponding PAM module, it can sometimes disable the ability to login using a password. This is addressed in the GitHub issue 171136. In that issue, a possible workaround is addressed using a custom PAM module for the gnome display manager:
security.pam.services.login.fprintAuth = false;
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gnome.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
};