Bug#749669: gksudo + fprintd: no prompt for PAM authentication based on fingerprint

Krzysztof Słychań krzysztof.slychan at 10g.pl
Thu May 29 00:30:43 UTC 2014


Package: gksu
Version: 2.0.2-6
Severity: important

Dear Maintainer,

I'm using a fingerprint reader and fprintd (0.5.1-1) package for the fingerprint functionality. 
The PAM policy is configured so that it asks for swiping a finger on a reader, and if that fails, asks for user password.

Whenever I use gksudo, I don't get any window with a prompt for swiping my finger, even though the back end works:
I can swipe the finger, press return and the gksudo'ed application starts.

Test case:

1. enter: "gksudo foo" in a terminal window or run prompt (where foo is a placeholder name for an app; in my case, it was gparted and unetbootin)
2. you should get a gksudo prompt asking for swiping a finger - that doesn't happen, you don't get any box
3. if you now swipe your finger and press return on the keyboard, you're authorized and the app (foo) starts correctly

Additional info:

I'm using Debian jessie/sid amd64 with LXDE+Openbox desktop on a Lenovo T61p laptop computer.
There were two kinds of palmrests for this series of machines: one didn't have a fingerprint reader and the other had. 
I've replaced the former with the latter.

Everything besides gksudo worked out of the box after installing fprintd and enrolling my fingerprint:
xscreensaver (unlocking screen), lightdm (user login), sudo, console login - all work correctly and display the proper prompts,
which rules out a bug in fprintd or PAM.

Before adding the fingerprint reader, gksudo worked correctly and asked for my password.

$ uname -a:
Linux blackcat 3.13-1-amd64 #1 SMP Debian 3.13.10-1 (2014-04-15) x86_64 GNU/Linux

lsusb entry:
Bus 002 Device 003: ID 0483:2016 STMicroelectronics Fingerprint Reader

$ cat /etc/pam.d/common-auth: 
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
auth	[success=2 default=ignore]	pam_fprintd.so max_tries=1 timeout=10 # debug
auth	[success=1 default=ignore]	pam_unix.so nullok_secure try_first_pass
# here's the fallback if no module succeeds
auth	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth	optional			pam_cap.so 
# end of pam-auth-update config


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gksu depends on:
ii  libatk1.0-0               2.12.0-1
ii  libc6                     2.18-7
ii  libcairo2                 1.12.16-2
ii  libfontconfig1            2.11.0-5
ii  libfreetype6              2.5.2-1
ii  libgconf2-4               3.2.6-2
ii  libgdk-pixbuf2.0-0        2.30.7-1
ii  libgksu2-0                2.0.13~pre1-7
ii  libglib2.0-0              2.40.0-3
ii  libgnome-keyring0         3.4.1-1
ii  libgtk2.0-0               2.24.23-1
ii  libpango1.0-0             1.36.3-1
ii  libstartup-notification0  0.12-3
ii  sudo                      1.8.9p5-1

Versions of packages gksu recommends:
ii  gnome-keyring  3.8.2-2+b1

gksu suggests no packages.

-- no debconf information
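
An added example, not part of the original report or of any package it mentions: a simplified Python model of the auth stack from the common-auth file above, showing which modules run and whether access is granted for each fingerprint/password outcome. Jumps are modelled as setting no result code, as the file's own comment about pam_permit.so describes; the function names and the assumption that pam_cap.so returns success are mine.

```python
import re

# "auth" lines copied from the common-auth file in the report above.
COMMON_AUTH = """\
auth [success=2 default=ignore] pam_fprintd.so max_tries=1 timeout=10 # debug
auth [success=1 default=ignore] pam_unix.so nullok_secure try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_cap.so
"""
# Keyword controls reduced to the two actions this model needs.
KEYWORDS = {"requisite": {"success": "ok", "default": "die"},
            "required": {"success": "ok", "default": "bad"},
            "optional": {"success": "ok", "default": "ignore"}}
LINE = re.compile(r"auth\s+(\[[^\]]*\]|\w+)\s+(\S+)")

def parse(text):
    """Return [(module, {return-class: action})] for each auth line."""
    stack = []
    for raw in text.splitlines():
        m = LINE.match(raw.split("#")[0].strip())  # drop trailing comments
        if m:
            ctl, module = m.groups()
            if ctl.startswith("["):
                actions = dict(p.split("=") for p in ctl[1:-1].split())
            else:
                actions = KEYWORDS[ctl]
            stack.append((module, actions))
    return stack

def authenticate(finger_ok, password_ok, stack=None):
    """Simplified model: returns (granted, modules that actually ran)."""
    stack = stack or parse(COMMON_AUTH)
    # Constructed module results; pam_cap.so succeeding is an assumption.
    result = {"pam_fprintd.so": finger_ok, "pam_unix.so": password_ok,
              "pam_deny.so": False, "pam_permit.so": True, "pam_cap.so": True}
    ran, ok, failed, i = [], False, False, 0
    while i < len(stack):
        module, actions = stack[i]
        ran.append(module)
        action = actions["success"] if result[module] else actions["default"]
        if action.isdigit():
            i += int(action)       # jump: skip N modules, set no result code
        elif action == "ok":
            ok = True
        elif action in ("bad", "die"):
            failed = True
            if action == "die":
                break              # requisite failure ends the stack at once
        i += 1
    return ok and not failed, ran
```

With a successful swipe the model never reaches pam_unix.so, so any password prompt depends entirely on pam_fprintd.so failing or timing out first.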



