Translation(s): English - Français
Fingerprint authentication is available in Debian through the fprint project. See the list of supported devices.
Installation
Install packages fprintd (for managing fingerprints) and libpam-fprintd (for enabling fingerprint log in)
# apt install fprintd libpam-fprintd
Configuration
Fingerprints can be added by running fprintd-enroll CLI command in a terminal or by using GNOME's Settings GUI.
If the CLI command is run without any arguments as shown next, it will request the current user's password and after a successful authentication will start enrolling the right index finger.
$ fprintd-enroll
When you see something like the following lines in the terminal output
Using device /net/reactivated/Fprint/Device/0 Enrolling right-index-finger finger.
start touching (or swiping, depending on your device type) the sensor with your right index finger. To each correctly registered touch, the program will react with a line like the following
Enroll result: enroll-stage-passed
Continue touching the sensor, placing your finger under a different angle each time, until the program reports Enroll result: enroll-completed and quits.
At this point, you should be able to login in your display manager (GDM or LightDM) using your right index finger. GDM, for example, will display "(or swipe finger)" under the password field when prompting for user password. The normal password login will still be available.
You can also verify if your fingerprint was enrolled correctly by running
$ fprintd-verify
Other helpful commands are fprintd-list fprintd-delete. See man fprintd.1 for more information.
Fingerprint Authentication with sudo
To enable fingerprint authentication with sudo, run
# pam-auth-update
and enable the "Fingerprint authentication" profile by checking the corresponding checkbox and then pressing "OK" (see Screenshot pam-auth-update).
Now, sudo will request fingerprint authentication. If the user does not authenticate with a fingerprint, a usual password authentication is requested by sudo after a timeout.
CategoryPortal | CategorySystemAdministration | CategorySystemSecurity