Get T14 Fingerprint working

Hey All,

I am looking for assistance with getting fingerprint working on my Lenovo t14 laptop. I have confirmed that I have the fprintd, libfprint and fprintd_pam modules installed. I have used fprintd-enroll to enroll my fingers and also used fprintd-verify to confirm this is working.

I have used the following to enable the fingerprint

 sudo authselect current
 sudo authselect enable-feature with-fingerprint
 sudo authselect apply-changes
 sudo authselect test sssd -f

and I get the following message

File /etc/pam.d/fingerprint-auth:
auth required pam_debug.so auth=authinfo_unavail

Can anyone assist me with getting this up and running.

Thanks in advanced!

Did you install ‘pam’ package ?

The “pam” package is installed by default on fedora since that is used for login authentication.

I do not use a fingerprint reader, but I find that in /etc/pam.d I have a fingerprint-auth file and a fingerprint-auth.rpmnew file with these differences in content.

# diff /etc/pam.d/fingerprint-auth /etc/pam.d/fingerprint-auth.rpmnew 
1,4c1,4
< # Generated by authselect on Thu Apr 21 21:27:22 2022
< # Do not modify this file manually, use authselect instead. Any user changes will be overwritten.
< # You can stop authselect from managing your configuration by calling 'authselect opt-out'.
< # See authselect(8) for more details.
---
> #%PAM-1.0
> auth        required      pam_env.so
> auth        [success=done default=bad] pam_fprintd.so
> auth        required      pam_deny.so
6,8c6,9
< auth        required                                     pam_env.so
< auth        [success=done default=bad]                   pam_fprintd.so
< auth        required                                     pam_deny.so
---
> account     required      pam_unix.so
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
10,14c11
< account     required                                     pam_unix.so
< account     sufficient                                   pam_localuser.so
< account     sufficient                                   pam_usertype.so issystem
< account     [default=bad success=ok user_unknown=ignore] pam_sss.so
< account     required                                     pam_permit.so
---
> password    required      pam_deny.so
16,23c13,17
< password    required                                     pam_deny.so
< 
< session     optional                                     pam_keyinit.so revoke
< session     required                                     pam_limits.so
< -session    optional                                     pam_systemd.so
< session     [success=1 default=ignore]                   pam_succeed_if.so service in crond quiet use_uid
< session     required                                     pam_unix.so
< session     optional                                     pam_sss.so
---
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> -session     optional      pam_systemd.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
> session     required      pam_unix.so

I do not find any entry with pam_debug.so in either file so it may not be needed.

Thanks. I am not sure if it is or is not required.

Though, whether I need it or not I am still currently unable to login or use sudo with my fingerprint. any ideas or thoughts.

Thanks in advanced