#language en ~-[[DebianWiki/EditorGuide#translation|Translation(s)]]: English - [[fr/FingerprintAuthentication|Français]]-~ ---- <> Fingerprint authentication is available in Debian through the [[https://fprint.freedesktop.org/|fprint]] project. See the [[https://fprint.freedesktop.org/supported-devices.html|list]] of supported devices. == Installation == Install packages [[DebianPkg:fprintd&exact=1|fprintd]] (for managing fingerprints) and [[DebianPkg:libpam-fprintd&exact=1|libpam-fprintd]] (for enabling fingerprint log in) {{{ # apt install fprintd libpam-fprintd }}} == Configuration == Fingerprints can be added by running {{{fprintd-enroll}}} CLI command in a terminal or by using GNOME's [[https://help.gnome.org/users/gnome-help/stable/session-fingerprint.html.en|Settings GUI.]] If the CLI command is run without any arguments as shown next, it will request the current user's password and after a successful authentication will start enrolling the right index finger. {{{ $ fprintd-enroll }}} When you see something like the following lines in the terminal output {{{ Using device /net/reactivated/Fprint/Device/0 Enrolling right-index-finger finger. }}} start touching (or swiping, depending on your device type) the sensor with your right index finger. To each correctly registered touch, the program will react with a line like the following {{{ Enroll result: enroll-stage-passed }}} Continue touching the sensor, placing your finger under a different angle each time, until the program reports {{{Enroll result: enroll-completed}}} and quits. At this point, you should be able to login in your display manager (GDM or LightDM) using your right index finger. GDM, for example, will display "(or swipe finger)" under the password field when prompting for user password. The normal password login will still be available. You can also verify if your fingerprint was enrolled correctly by running {{{ $ fprintd-verify }}} Other helpful commands are {{{fprintd-list}}} {{{fprintd-delete}}}. See {{{man fprintd.1}}} for more information. == Fingerprint Authentication with sudo == To enable fingerprint authentication with {{{sudo}}}, run {{{ # pam-auth-update }}} and enable the "Fingerprint authentication" profile by checking the corresponding checkbox and then pressing "OK" (see Screenshot pam-auth-update). Now, {{{sudo}}} will request fingerprint authentication. If the user does not authenticate with a fingerprint, a usual password authentication is requested by {{{sudo}}} after a timeout. [[https://screenshots.debian.net/screenshot/libpam-runtime|{{https://screenshots.debian.net/thumbnail/libpam-runtime|Screenshot pam-auth-update|width=160}}]] <
> ~-Screenshot pam-auth-update-~ CategoryPortal | CategorySystemAdministration | CategorySystemSecurity