this post was submitted on 22 Nov 2023
13 points (100.0% liked)

Linux Questions

1149 readers
13 users here now

Linux questions Rules (in addition of the Lemmy.zip rules)

Tips for giving and receiving help

Any rule violations will result in disciplinary actions

founded 1 year ago
MODERATORS
 

I use multiple systems, and all seem to have some kind of way to ease the use of password prompts:

On MacOS you can use the fingerprint reader, or the Apple Watch to authorize operations (yep, even sudo)

On Windows, Windows hello allows you to authorize using a fingerprint reader or specific camera setup

Fingerprint readers are not as widely supported in Linux as in Windows because of vendor limitations (they just don’t care).

Is there any other recommended way to authorize operations on a desktop computer using something similar to the other systems? (Fingerprint readers, Bluetooth auth, etc)

top 4 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 1 year ago (1 children)

Fprintd is what you’re looking for. KDE and Gnome have built in support for it. Some distros like Fedora have it installed by default.

I have an inexpensive u.are.u 4500 and it works well enough for my uses.

The other alternative is to use pam_u2f with FIDO2 keys eg yubikey, solo key, etc. That will also enable you to use ssh -sk keys too if that’s important to you.

As with most things like this you can combine them to have 1FA, 2FA, or 3FA. You can even tie it into FreeIPA if you use that. You can also combine to lock yourself out of your system completely. So have fun!

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

It really depends on the age of the hardware if fprintd is going to have support for the sensor. I have a ThinkPad T80s and fprintd doesn't cover my sensor.

I would probably stick with Bluetooth because it generally works fine across all my machines, while the fingerprint sensor is super finicky and this is the third machine I've had this issue with.

[–] [email protected] 2 points 1 year ago

I use a Yubikey with u2f.

[–] possiblylinux127 1 points 1 year ago* (last edited 1 year ago)

You should look into PAM and PAM authentication methods. It is what authenticates users on Linux and supports many authentication methods including fingerprint and face.