• Rob Johnson's avatar
    pam: return PAM_UNKNOWN_USER when user is unenrolled · b4f53045
    Rob Johnson authored
    This commit makes pam_fprintd return PAM_UNKNOWN_USER when
    the user has not enrolled a fingerprint.
    This lets the administrator set up pam_fprintd as a required
    authentication, method, but only for users that have enrolled a
    fingerprint, as such:
    auth  [success=ok user_unknown=ignore default=die] pam_fprintd.so max_tries=1 timeout=-1
    auth  [success=1  default=ignore]                  pam_unix.so nullok_secure
    auth  requisite                                    pam_deny.so
    With this config, users w/o an enrolled fingerprint will just be
    asked for a password.  Users with an enrolled fingerprint will
    required to login using both their fingerprint and a password.
Last commit
Last update
Makefile.am Loading commit data...
README Loading commit data...
fingerprint-strings.h Loading commit data...
pam_fprintd.c Loading commit data...