Setting up fprintd for swaylock
To enable swaylock to unlock like so:
<enter password> <hit enter>
or
<hit enter> <touch fingerprint sensor>
To install fprintd: $ doas apk add fprintd
Upon installation a standard user was not authorized to add prints. The below was used to allow members of the 'input' group to add prints:
$ sudo tee /etc/polkit-1/rules.d/50-fingerprint.rules << 'EOF' polkit.addRule(function (action, subject) { if (action.id.indexOf("net.reactivated.fprint.") == 0) { if (subject.isInGroup("input")) { return polkit.Result.YES; } } }); EOF
$ doas adduser $USER input
(reboot)
I previously enrolled a print for root accidentally, needed to delete it (as well as for my user for good measure):
$ fprintd-delete $(whoami) $ fprintd-delete root
Then enroll fresh print(s):
$ fprintd-enroll $ fprintd-verify
Then, to set the swaylock config:
$ sudo tee /etc/pam.d/swaylock << 'EOF'
- Try password authentication first
auth sufficient pam_unix.so nullok
- If no password provided, try fingerprint
auth sufficient pam_fprintd.so ignore-empty-password auth required pam_deny.so # Keep the wallet stuff -auth optional pam_kwallet.so -auth optional pam_kwallet5.so -session optional pam_kwallet.so auto_start -session optional pam_kwallet5.so auto_start EOF