[Fingerforce-devel] Bug#881186: Please do not add the PAM module automatically to the PAM configuration

Laurent Bigonville bigon at debian.org
Wed Nov 8 16:53:37 UTC 2017 

Package: libpam-fprintd
Version: 0.8.0-1
Severity: wishlist
Tags: patch

Hi,

GDM/GNOME are allowing the users to nicely setup their login using
fingerprint directly from gnome-control-center.

GDM is using two PAM services gdm-password and gdm-fingerprint
(which is not shipped in Debian but is in other distro like Fedora) to
allow the user to either use the password or his fingerprints to login.

ATM libpam-fprintd is adding automatically the module to common-auth,
this means that gdm-password (which includes common-auth) will also try
to use the libpam-fprintd module in the of the password login.
Completely breaking the dual PAM service that is implemented by
upstream.

Could it be possible to not add the PAM module to common-auth by
default?

In any case somebody that want to use libpam-fprintd outside of GNOME
will have to enroll his fingerprints by some command line, adding an
extra call to pam-auth-update whouldn't be a big problem IMHO.

What do you think about that?

Kind regards,

Laurent Bigonville

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy

Versions of packages libpam-fprintd depends on:
ii  fprintd           0.8.0-1
ii  libc6             2.24-17
ii  libdbus-1-3       1.12.0-1
ii  libdbus-glib-1-2  0.108-3
ii  libglib2.0-0      2.54.2-1
ii  libpam-runtime    1.1.8-3.6
ii  libpam0g          1.1.8-3.6

libpam-fprintd recommends no packages.

libpam-fprintd suggests no packages.

-- no debconf information
-------------- next part --------------
diff -Nru fprintd-0.8.0/debian/pam-configs/fprintd fprintd-0.8.0/debian/pam-configs/fprintd
--- fprintd-0.8.0/debian/pam-configs/fprintd	2016-12-02 17:18:15.000000000 +0100
+++ fprintd-0.8.0/debian/pam-configs/fprintd	2017-11-08 17:51:20.000000000 +0100
@@ -1,5 +1,5 @@
 Name: Fingerprint authentication
-Default: yes
+Default: no
 Priority: 260
 Conflicts: fprint
 Auth-Type: Primary

More information about the Fingerforce-devel mailing list