Hi,

if the home directory needs to be decrypted during login then we really need a password for authentication, etc. And that means that fingerprint login must not be used (if we are authenticating to log in the user).

I have not looked at pam_systemd_home.so more closely. But if we need the user's password, we need to either immediately return PAM_AUTHINFO_UNAVAIL (GDM) or skip fingerprint auth (TTY).

My thinking is that we can easily add an option to pam_systemd_home.so so that it returns an error condition telling us whether an authentication token is needed or if a specific type of authentication is acceptable (e.g. smartcard/fingerprint). This would allow us to either jump over the pam_fprintd.so module or create rules to immediately error out.

Does anyone know what is already possible, or is there someone willing to add the required feature to implement it?

Benjamin