Lock screen in KDE requires both password and fingerprint to unlock

I set up fingerprint authentication for my account and as expected, I can now unlock the screen with my fingerprint (as well as run sudo commands etc).

The problem is when I try to unlock the screen just with my password:

  • If it’s incorrect, I get the proper error message
  • If it’s correct, nothing happens and I still need to use my finger to unlock the screen

This reddit post is describing exactly the same behavior.

Putting aside the really confusing UX, my main problem with this setup is that I’m often using my laptop with an external display and I’m keeping the laptop closed. But now I cannot unlock the laptop without opening it and using the fingerprint reader.

I actually ended up removing the fingerprint as an auth method because of this.

According to this thread, this is actually working as intended, as the fingerprint is essentially considered the second factor in 2FA. Not sure if true but it’d definitely be nice if I could change that behavior.

I’m using Fedora 39 with KDE Plasma 5.27.9

Are you saying here that you can unlock the screen with fingerprint only or that it requires both fingerprint and password?

It seems your fingerprint reader may be built-in so to enable that feature with the case closed an external fingerprint dongle should provide the same without having to open the laptop.

Yes, I can unlock the screen with my fingerprint only.

But I cannot unlock the screen with just the password. Even if I type in my password, I still need to use the fingerprint. Basically, the password does not really matter here. If it’s wrong, I get an error message, if it’s correct, nothing happens. You can check out the reddit post, there is a video.

And that’s the problem for the external display. I actually don’t mind typing in the password, but it just doesn’t do anything. I need to open the lid and use my fingerprint.

Hope it’s a bit clearer now what the problem is :crossed_fingers:

“Fingerprint support is not completely working properly yet, and it seems logging in with only a password no longer works using this method.”
https://wiki.archlinux.org/title/SDDM#Using_a_fingerprint_reader

Isn’t that something different? My problem is with the KDE lock screen… but SDDM is a display manager, no?

It also provides guidance on using the fingerprint reader on the KDE lock screen. You can try this method, although it might not work at the moment.

Ah, as instructed, I added following two lines to /etc/pam.d/kde, and now it (sort of) works.

auth 			sufficient  	pam_unix.so try_first_pass likeauth nullok
auth 			sufficient  	pam_fprintd.so

I need to first press enter on the empty password field in order to be prompted for the finger print, which is one more step than I’d like, but it’s something.

Thanks a lot for help!

1 Like