[Fingerforce-devel] Bug#881186: Please do not add the PAM module automatically to the PAM configuration

Laurent Bigonville bigon at debian.org
Wed Nov 8 16:53:37 UTC 2017

Package: libpam-fprintd
Version: 0.8.0-1
Severity: wishlist
Tags: patch


GDM/GNOME are allowing the users to nicely setup their login using
fingerprint directly from gnome-control-center.

GDM is using two PAM services gdm-password and gdm-fingerprint
(which is not shipped in Debian but is in other distro like Fedora) to
allow the user to either use the password or his fingerprints to login.

ATM libpam-fprintd is adding automatically the module to common-auth,
this means that gdm-password (which includes common-auth) will also try
to use the libpam-fprintd module in the of the password login.
Completely breaking the dual PAM service that is implemented by

Could it be possible to not add the PAM module to common-auth by

In any case somebody that want to use libpam-fprintd outside of GNOME
will have to enroll his fingerprints by some command line, adding an
extra call to pam-auth-update whouldn't be a big problem IMHO.

What do you think about that?

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages libpam-fprintd depends on:
ii  fprintd           0.8.0-1
ii  libc6             2.24-17
ii  libdbus-1-3       1.12.0-1
ii  libdbus-glib-1-2  0.108-3
ii  libglib2.0-0      2.54.2-1
ii  libpam-runtime    1.1.8-3.6
ii  libpam0g          1.1.8-3.6

libpam-fprintd recommends no packages.

libpam-fprintd suggests no packages.

-- no debconf information
-------------- next part --------------
diff -Nru fprintd-0.8.0/debian/pam-configs/fprintd fprintd-0.8.0/debian/pam-configs/fprintd
--- fprintd-0.8.0/debian/pam-configs/fprintd	2016-12-02 17:18:15.000000000 +0100
+++ fprintd-0.8.0/debian/pam-configs/fprintd	2017-11-08 17:51:20.000000000 +0100
@@ -1,5 +1,5 @@
 Name: Fingerprint authentication
-Default: yes
+Default: no
 Priority: 260
 Conflicts: fprint
 Auth-Type: Primary

More information about the Fingerforce-devel mailing list