Translation(s): English - Français

Contents

  1. Installation
  2. Configuration
  3. Fingerprint Authentication with sudo

Fingerprint authentication is available in Debian through the fprint project. See the list of supported devices.

Installation

Install packages fprintd (for managing fingerprints) and libpam-fprintd (for enabling fingerprint log in) 

# apt install fprintd libpam-fprintd

Configuration

Fingerprints can be added by running fprintd-enroll CLI command in a terminal or by using GNOME's Settings GUI.

If the CLI command is run without any arguments as shown next, it will request the current user's password and after a successful authentication will start enrolling the right index finger. 

$ fprintd-enroll

When you see something like the following lines in the terminal output 

Using device /net/reactivated/Fprint/Device/0
Enrolling right-index-finger finger.

start touching (or swiping, depending on your device type) the sensor with your right index finger. To each correctly registered touch, the program will react with a line like the following 

Enroll result: enroll-stage-passed

Continue touching the sensor, placing your finger under a different angle each time, until the program reports Enroll result: enroll-completed and quits.

At this point, you should be able to login in your display manager (GDM or LightDM) using your right index finger. GDM, for example, will display "(or swipe finger)" under the password field when prompting for user password. The normal password login will still be available.

You can also verify if your fingerprint was enrolled correctly by running 

$ fprintd-verify

Other helpful commands are fprintd-list fprintd-delete. See man fprintd.1 for more information.

Fingerprint Authentication with sudo

To enable fingerprint authentication with sudo, run 

# pam-auth-update

and enable the "Fingerprint authentication" profile by checking the corresponding checkbox and then pressing "OK" (see Screenshot pam-auth-update).

Now, sudo will request fingerprint authentication. If the user does not authenticate with a fingerprint, a usual password authentication is requested by sudo after a timeout.

Screenshot pam-auth-update
Screenshot pam-auth-update

CategoryPortal | CategorySystemAdministration | CategorySystemSecurity