[Fingerforce-devel] Bug#1130104: fprintd: pam_fprintd causes GDM greeter instability when fingerprint device present but no fingerprints enrolled

Jan Groenewald j.groenewald at sarao.nrf.ac.za
Sun Mar 8 17:15:26 GMT 2026 

Package: fprintd
Version:  1.94.5-2
Severity: normal

When a fingerprint device is present but no fingerprints are enrolled for
the
user, pam_fprintd causes GDM greeter instability at login. The symptom is a
visible black flash on the login screen. Greeter with user list shows ->
flash to tty -> flash to user list again. Then I can log in.

On kernel 6.12.63, the GDM greeter restarts (two gnome-shell instances spawn
in sequence). On kernel 6.12.73, it escalates to a full Xwayland crash that
takes down the entire GDM greeter session.

The root cause appears to be pam_fprintd returning a failure rather than
PAM_IGNORE when no fingerprints are enrolled, causing GDM to restart or
crash
its greeter compositor.

Hardware: Intel Meteor Lake (Goodix MOC Fingerprint Sensor)
Display server: Wayland (GDM/GNOME Shell 48.7)
OS: Debian trixie

Workaround: disable fingerprint authentication in pam-auth-update.

Confirmed with:
  fprintd-list jan
  → "User jan has no fingers enrolled for Goodix MOC Fingerprint Sensor"

-- Logs from kernel 6.12.63 (greeter restart) --

Mar 08 16:28:47 sarao systemd[1]: Starting gdm.service - GNOME Display
Manager...
Mar 08 16:28:47 sarao systemd[1]: Started gdm.service - GNOME Display
Manager.
Mar 08 16:28:47 sarao gdm-launch-environment][1730]:
pam_unix(gdm-launch-environment:session): session opened for user
Debian-gdm(uid=113) by (uid=0)
Mar 08 16:28:47 sarao gnome-shell[1991]: Running GNOME Shell (using mutter
48.7) as a Wayland display server
Mar 08 16:28:47 sarao gnome-shell[1991]: Added device '/dev/dri/card0'
(i915) using atomic mode setting.
Mar 08 16:28:48 sarao gnome-shell[1991]: Using public X11 display :1024,
(using :1025 for managed services)
Mar 08 16:28:48 sarao gnome-shell[1991]: Using Wayland display name
'wayland-0'
Mar 08 16:28:50 sarao gnome-shell[2836]: Running GNOME Shell (using mutter
48.7) as a Wayland display server
Mar 08 16:28:50 sarao gnome-shell[2836]: Added device '/dev/dri/card0'
(i915) using atomic mode setting.
Mar 08 16:28:50 sarao gnome-shell[2836]: Using public X11 display :1024,
(using :1025 for managed services)
Mar 08 16:28:50 sarao gnome-shell[2836]: Using Wayland display name
'wayland-0'
Mar 08 16:28:47 sarao gdm-launch-environment][2799]:
pam_unix(gdm-launch-environment:session): session opened for user
Debian-gdm(uid=113) by (uid=0)
Mar 08 16:28:53 sarao gdm-fingerprint][3288]: gkr-pam: no password is
available for user

-- Logs from kernel 6.12.73 (Xwayland crash) --

Mar 08 16:28:47 sarao systemd[1]: Starting gdm.service - GNOME Display
Manager...
Mar 08 16:28:47 sarao systemd[1]: Started gdm.service - GNOME Display
Manager.
Mar 08 16:28:47 sarao gdm-launch-environment][1730]:
pam_unix(gdm-launch-environment:session): session opened for user
Debian-gdm(uid=113) by (uid=0)
Mar 08 16:28:47 sarao gnome-shell[1991]: Running GNOME Shell (using mutter
48.7) as a Wayland display server
Mar 08 16:28:47 sarao gnome-shell[1991]: Added device '/dev/dri/card0'
(i915) using atomic mode setting.
Mar 08 16:28:48 sarao gnome-shell[1991]: Using public X11 display :1024,
(using :1025 for managed services)
Mar 08 16:28:48 sarao gnome-shell[1991]: Using Wayland display name
'wayland-0'
Mar 08 16:28:50 sarao gnome-shell[2836]: Running GNOME Shell (using mutter
48.7) as a Wayland display server
Mar 08 16:28:50 sarao gnome-shell[2836]: Added device '/dev/dri/card0'
(i915) using atomic mode setting.
Mar 08 16:28:50 sarao gnome-shell[2836]: Using public X11 display :1024,
(using :1025 for managed services)
Mar 08 16:28:50 sarao gnome-shell[2836]: Using Wayland display name
'wayland-0'
Mar 08 16:28:47 sarao gdm-launch-environment][2799]:
pam_unix(gdm-launch-environment:session): session opened for user
Debian-gdm(uid=113) by (uid=0)
Mar 08 16:28:53 sarao gdm-fingerprint][3288]: gkr-pam: no password is
available for user


-- 
Jan Groenewald
DevOps Engineer
NRF-SARAO

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/fingerforce-devel/attachments/20260308/324261dd/attachment.htm>

More information about the Fingerforce-devel mailing list