-
Rob Johnson authored
This commit makes pam_fprintd return PAM_UNKNOWN_USER when the user has not enrolled a fingerprint. This lets the administrator set up pam_fprintd as a required authentication, method, but only for users that have enrolled a fingerprint, as such: auth [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1 auth [success=1 default=ignore] pam_unix.so nullok_secure auth requisite pam_deny.so With this config, users w/o an enrolled fingerprint will just be asked for a password. Users with an enrolled fingerprint will required to login using both their fingerprint and a password. https://bugs.freedesktop.org/show_bug.cgi?id=64781
b4f53045