Bugzilla – Bug 388
sudo does not ask for fingerprint with pam_fprint
Last modified: 2010-06-22 09:03:38 MDT
I am running Arch Linux. I have "auth sufficient pam_fprint.so" at the top of my /etc/pam.d/sudo file. It is supposed to ask me to swipe my finger when I run sudo, and ask for a password if the swipe failed. This works fine in sudo 1.7.2p1-1, but in sudo 1.7.2p2-1 it just asks for a password, it does not ask me to swipe my finger. Additional info: * package version(s) core/sudo 1.7.2p2-1 extra/libfprint 0.0.6-3 extra/pam_fprint 0.2-1 extra/fprint_demo 0.4-2 * config and/or log files etc. /etc/pam.d/sudo #%PAM-1.0 auth sufficient pam_fprint.so auth required pam_unix.so auth required pam_nologin.so Steps to reproduce: 1. Install libfprint 2. Install sudo 3. Add "auth sufficient pam_fprint.so" to /etc/pam.d/sudo 4. Run sudo -s
This problem still exists with sudo 1.7.2p5. Only sudo 1.7.2p1 works with pam_fprint, none of the newer versions do.
Created attachment 277 [details] Patch to back out pam changes in sudo 1.7.2p2 The attached patch backs out the pam changes introduced in sudo 1.7.2p2. Can you see if that fixes the problem?
Unless I did something wrong, this didn't seem to work.
(In reply to comment #3) > Unless I did something wrong, this didn't seem to work. I did do something wrong. I forgot to add "auth sufficient pam_fprint.so" to /etc/pam.d/sudo. It works great with the patch. Thanks,
I patched sudo 1.7.2p7, and it worked great.