I am looking for assistance with getting fingerprint working on my Lenovo t14 laptop. I have confirmed that I have the fprintd, libfprint and fprintd_pam modules installed. I have used fprintd-enroll to enroll my fingers and also used fprintd-verify to confirm this is working.
I have used the following to enable the fingerprint
sudo authselect current
sudo authselect enable-feature with-fingerprint
sudo authselect apply-changes
sudo authselect test sssd -f
I do not use a fingerprint reader, but I find that in /etc/pam.d I have a fingerprint-auth file and a fingerprint-auth.rpmnew file with these differences in content.
# diff /etc/pam.d/fingerprint-auth /etc/pam.d/fingerprint-auth.rpmnew
1,4c1,4
< # Generated by authselect on Thu Apr 21 21:27:22 2022
< # Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
< # You can stop authselect from managing your configuration by calling 'authselect opt-out'.
< # See authselect(8) for more details.
---
> #%PAM-1.0
> auth required pam_env.so
> auth [success=done default=bad] pam_fprintd.so
> auth required pam_deny.so
6,8c6,9
< auth required pam_env.so
< auth [success=done default=bad] pam_fprintd.so
< auth required pam_deny.so
---
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
10,14c11
< account required pam_unix.so
< account sufficient pam_localuser.so
< account sufficient pam_usertype.so issystem
< account [default=bad success=ok user_unknown=ignore] pam_sss.so
< account required pam_permit.so
---
> password required pam_deny.so
16,23c13,17
< password required pam_deny.so
<
< session optional pam_keyinit.so revoke
< session required pam_limits.so
< -session optional pam_systemd.so
< session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
< session required pam_unix.so
< session optional pam_sss.so
---
> session optional pam_keyinit.so revoke
> session required pam_limits.so
> -session optional pam_systemd.so
> session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session required pam_unix.so
I do not find any entry with pam_debug.so in either file so it may not be needed.