Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 479314 - gnome-base/gdm: add pam fingerprint usage support (?)
Summary: gnome-base/gdm: add pam fingerprint usage support (?)
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-31 19:20 UTC by Pacho Ramos
Modified: 2021-07-22 12:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
gdm-fingerprint.pam (1.txt,578 bytes, text/plain)
2021-07-22 12:34 UTC, Pacho Ramos 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pacho Ramos gentoo-dev 2013-07-31 19:20:58 UTC 
I have seen we are (again) needing to patch upstream pam files:
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/gnome-base/gdm/files/gdm-3.8.4-fingerprint-auth.patch?view=markup

What problems does it cause to load it? (there are some modules that can be loaded always because they cause no problems when not exist)

If it causes problems, please let me know to try to make upstream supply a "Gentoo" flavor for pam files (like exherbo and redhat) that would let us to not need to keep that patches forever

Thanks
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2013-08-01 03:35:20 UTC 
The best solution IMHO would be to just add a fingerprint-auth file to our sys-auth/pambase package, so not only gdm but other authentication utilities can use it. And to make it easy for users to configure whether to use pam_fprint or fingerprint-gui or whatever else in one place.
Comment 2 Pacho Ramos gentoo-dev 2013-09-29 10:55:59 UTC 
(In reply to Alexandre Rostovtsev from comment #1)
> The best solution IMHO would be to just add a fingerprint-auth file to our
> sys-auth/pambase package, so not only gdm but other authentication utilities
> can use it. And to make it easy for users to configure whether to use
> pam_fprint or fingerprint-gui or whatever else in one place.

Reassigning to pambase maintainers then
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2020-08-20 20:01:57 UTC 
Necro update: 
This patch breaks unstable users. pam_tally2 is absent in 1.4.0_p20200809 and in 1.4.x in general but present in the patch.
It also is not mandatory to include this part of the stack into pambase, anything can be installed with the dopamd helper if I see the problem correctly.
Comment 5 Pacho Ramos gentoo-dev 2021-07-22 12:01:53 UTC 
From line 65:
https://github.com/archlinux/svntogit-packages/blob/packages/gdm/trunk/0001-pam-arch-Update-to-match-pambase-20200721.1-2.patch#L65

I tried to find similar in Exherbo but I guess they simply don't support it :/
Comment 6 Pacho Ramos gentoo-dev 2021-07-22 12:04:33 UTC 
Ah, as I re-read, we were needing to patch Exherbo pam file because they rely on 
auth     substack fingerprint-auth

But I don't how if they rely on pambase or how they handle pam... I have tried to search inside their git without success :(
Comment 7 Pacho Ramos gentoo-dev 2021-07-22 12:34:33 UTC 
Created attachment 725797 [details]
gdm-fingerprint.pam

For now I am trying with this file based on gdm pam-lfs one, it loads but I think I am hitting now something like:
https://gitlab.freedesktop.org/libfprint/libfprint/-/issues/321
Comment 8 Pacho Ramos gentoo-dev 2021-07-22 12:40:04 UTC 
Inside gnome session it works, I can even configure the fingerprint from control center and also using fprint-* commands, but gdm still fails to handle it reporting:
jul 22 14:37:13 dell fprintd[648]: Device reported an error during verify: Response had wrong subcommand type
jul 22 14:37:13 dell gdm-fingerprint][665]: gkr-pam: no password is available for user