I’m trying to get fingerprint to work again on Fedora 40.

• My sensor works and I was able to fprint enroll.
• fprintd.service is running
• Gnome Settings > Users > Myuser > Fingerprint login enabled

When I’m on boot login screen or lock the system and try to login there is no indication of fingerprint being available as login option and it’s not reacting to touching the sensor.

Questions

• What else can I try?
• How can I try to do get the fingerprint working for sudo/passwort instead of login?

Logs

$ systemctl status fprintd.service

$ systemctl status fprintd.service
● fprintd.service - Fingerprint Authentication Daemon
Loaded: loaded (/usr/lib/systemd/system/fprintd.service; enabled; preset: di>
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2024-10-31 07:55:36 CET; 17min ago
Docs: man:fprintd(1)
Main PID: 24827 (fprintd)
Tasks: 6 (limit: 37885)
Memory: 5.0M (peak: 6.0M)
CPU: 485ms
CGroup: /system.slice/fprintd.service
└─24827 /usr/libexec/fprintd

cat /etc/pam.d/gdm-fingerprint

cat /etc/pam.d/gdm-fingerprint
auth substack fingerprint-auth
auth include postlogin

account required pam_nologin.so
account include fingerprint-auth

password include fingerprint-auth

session required pam_selinux.so close
session required pam_loginuid.so
session required pam_selinux.so open
session optional pam_keyinit.so force revoke
session required pam_namespace.so
session include fingerprint-auth
session include postlogin

cat /etc/pam.d/fingerprint-auth

$ cat /etc/pam.d/fingerprint-auth
Generated by authselect
Do not modify this file manually, use authselect instead. Any user changes will be >overwritten.
You can stop authselect from managing your configuration by calling ‘authselect opt-out’.
See authselect(8) for more details.

auth required pam_env.so
auth [success=done default=bad] pam_fprintd.so
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_usertype.so issystem
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so

image1061×812 57.2 KB

journalctl -xe revealed pam_fprintd.so: cannot open shared object file: No such file or directory

confirmed with no matches for sudo find / -name pam_fprintd.sp

It seems to work now after sudo dnf install fprintd-pam

Nov 01 07:12:25 fedora audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=‘unit=run-u445 comm=“systemd” exe=“/usr/lib/systemd/systemd” hostname=? addr=? terminal=? res=success’
Nov 01 07:12:25 fedora (o-bridge)[333079]: PAM unable to dlopen(/usr/lib64/security/pam_fprintd.so): /usr/lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory
Nov 01 07:12:25 fedora (o-bridge)[333079]: PAM adding faulty module: /usr/lib64/security/pam_fprintd.so
Nov 01 07:12:25 fedora audit[333079]: USER_ACCT pid=333079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct=“” exe=“/usr/lib/systemd/systemd-executor” hostname=?
Nov 01 07:12:25 fedora audit[333079]: CRED_ACQ pid=333079 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct=“” exe=“/usr/lib/systemd/systemd-executor” hostnam
Nov 01 07:12:25 fedora (o-bridge)[333079]: pam_unix(login:session): session opened for user uid=1000) by (uid=0)
Nov 01 07:12:25 fedora audit[333079]: USER_START pid=333079 uid=0 auid=1000 ses=7 subj=system_u:system_r:init_t:s0 msg='op=PAM:session_open grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_un>