Ok, I get it that when you use fingerprint there’s no way to unlock keyring and you have to enter password ( I don’t like it , but I get the message).
But is there a way to set it up so I would be able to use either password OR fingerpint. Another option would be ask for password as the first option if this fails try fingerprint. This way I would be able to log in with password and use fingerprint only for unlocking the screen.
It seems there must be a way as for a couple of days it has been working this way on my end (OpenSUSE Tumbleweed, Gnome 44.1). Initially it was a total mess, when I enabled fingerprint sensor GDM was in constant failed loop. I had to be fast with my password to log in.
So after reinstalling the fingerprintd packages and fiddling the settings (like modding the /etc/pam.d/common-auth-pc
and adding “auth sufficient pam_fprintd.so” - which later on I read that I shouldn’t touch) I got the desired behavior. Sadly it went away after the update. Tried playing with /usr/lib/pam.d/gdm-fingerprint (as it seems this is the one I should modify) but with no success.
Any suggestions?
edit:
gdm-fingerprint
#%PAM-1.0
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] pam_gdm.so
auth optional pam_gnome_keyring.so
account substack common-account
account include common-account
password required pam_deny.so
session substack common-session
session include postlogin-session
session optional pam_gnome_keyring.so auto_start
common-account
account required pam_unix.so try_first_pass
common-session
session optional pam_systemd.so
session required pam_limits.so
session required pam_unix.so try_first_pass
session optional pam_umask.so
session optional pam_env.so