[Fingerforce-devel] Bug#452178: libpam-thinkfinger: being enabled in common-auth forbids user with a fingerpring to login via ssh using password

[Yaroslav Halchenko]

Package: libpam-thinkfinger
Version: 0.3-2
Severity: important


Thanks for a cute package
I've got a problem though for which I spent quite a bit of time to
figure WTF.
I enabled pam module per recommendations:
$> less /etc/pam.d/common-auth 
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient  pam_thinkfinger.so
auth    required    pam_unix.so nullok_secure try_first_pass

also I did try without try_first_pass with the same result:

if use with associated fingerprint tries to ssh using password
authentication -- connection gets dropped right after user types in his
password. Confirmed by a friend of mine - the same on his freshly installed
Debian box

Cheers


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (300, 'experimental'), (60, 'hardy'), (50, 'gutsy')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpam-thinkfinger depends on:
ii  libc6                         2.7-0exp8  GNU C Library: Shared libraries
ii  libpam0g                      0.99.7.1-5 Pluggable Authentication Modules l
ii  libthinkfinger0               0.3-2      library for the STMicroelectronics

Versions of packages libpam-thinkfinger recommends:
ii  thinkfinger-tools             0.3-2      utilities for the STMicroelectroni

-- no debconf information