Setting up fprintd for swaylock: Difference between revisions
(Swaylock using fprintd) |
No edit summary |
||
| Line 1: | Line 1: | ||
To enable swaylock to unlock like so: | To enable swaylock to unlock like so: | ||
<enter password> <hit enter> | <enter password> <hit enter> | ||
or | or | ||
<hit enter> <touch fingerprint sensor> | <hit enter> <touch fingerprint sensor> | ||
To install fprintd: | To install fprintd: | ||
doas apk add fprintd | $ doas apk add fprintd | ||
Upon installation a standard user was not authorized to add prints. | Upon installation a standard user was not authorized to add prints. | ||
The below was used to allow members of the 'input' group to add prints: | The below was used to allow members of the 'input' group to add prints: | ||
sudo tee /etc/polkit-1/rules.d/50-fingerprint.rules << 'EOF' | $ sudo tee /etc/polkit-1/rules.d/50-fingerprint.rules << 'EOF' | ||
polkit.addRule(function (action, subject) { | polkit.addRule(function (action, subject) { | ||
if (action.id.indexOf("net.reactivated.fprint.") == 0) { | if (action.id.indexOf("net.reactivated.fprint.") == 0) { | ||
| Line 20: | Line 23: | ||
EOF | EOF | ||
doas adduser $USER input | $ doas adduser $USER input | ||
(reboot) | (reboot) | ||
| Line 26: | Line 29: | ||
I previously enrolled a print for root accidentally, needed to delete it (as well as for my user for good measure): | I previously enrolled a print for root accidentally, needed to delete it (as well as for my user for good measure): | ||
fprintd-delete $(whoami) | $ fprintd-delete $(whoami) | ||
fprintd-delete root | $ fprintd-delete root | ||
Then enroll fresh print(s): | Then enroll fresh print(s): | ||
fprintd-enroll | $ fprintd-enroll | ||
fprintd-verify | $ fprintd-verify | ||
Then, to set the swaylock config: | Then, to set the swaylock config: | ||
sudo tee /etc/pam.d/swaylock << 'EOF' | $ sudo tee /etc/pam.d/swaylock << 'EOF' | ||
# Try password authentication first | # Try password authentication first | ||
auth sufficient pam_unix.so nullok | auth sufficient pam_unix.so nullok | ||
Revision as of 13:31, 1 September 2025
To enable swaylock to unlock like so:
<enter password> <hit enter>
or
<hit enter> <touch fingerprint sensor>
To install fprintd: $ doas apk add fprintd
Upon installation a standard user was not authorized to add prints. The below was used to allow members of the 'input' group to add prints:
$ sudo tee /etc/polkit-1/rules.d/50-fingerprint.rules << 'EOF' polkit.addRule(function (action, subject) { if (action.id.indexOf("net.reactivated.fprint.") == 0) { if (subject.isInGroup("input")) { return polkit.Result.YES; } } }); EOF
$ doas adduser $USER input
(reboot)
I previously enrolled a print for root accidentally, needed to delete it (as well as for my user for good measure):
$ fprintd-delete $(whoami) $ fprintd-delete root
Then enroll fresh print(s):
$ fprintd-enroll $ fprintd-verify
Then, to set the swaylock config:
$ sudo tee /etc/pam.d/swaylock << 'EOF'
- Try password authentication first
auth sufficient pam_unix.so nullok
- If no password provided, try fingerprint
auth sufficient pam_fprintd.so ignore-empty-password auth required pam_deny.so # Keep the wallet stuff -auth optional pam_kwallet.so -auth optional pam_kwallet5.so -session optional pam_kwallet.so auto_start -session optional pam_kwallet5.so auto_start EOF