How can I use fingerprint login?

How can I set up my YubiKey with fingerprint or another usb- with fingerprint?

There is a documentation entry about it.

What if your password (fingerprint) gets copied by someone?

How is this possible? The fingerprint is just a third factor for activating the key. You also have the YubiKey, so this should not be a problem.

I’m just generally not a fan of using fingerprints. Once copied (compromised), you can’t change it :wink:


I’ve just implemented this for my own setup. Having three factors (i.e., pw, yubikey, and fingerprint) seems much better to me than having two or just a single factor. Surprisingly, I couldn’t find a write up, but only your question. So below is a quick and dirty write up. Be careful with testing in order to not lock yourself out.

  1. Install fprintd and polkit in sys-usb (without polkit I was getting some weird authentication errors).
  2. Enroll fingerprint in sys-usb using fprintd-enroll.
  3. Add /usr/local/bin/fprint-auth file in dom0:

         #!/bin/sh
         # Verify the fingerprint in sys-usb and return its exit status to PAM.
         qvm-run -q --no-gui -u root sys-usb fprintd-verify
         exit $?

  4. Add this in the beginning of /etc/pam.d/login:

         auth required pam_exec.so expose_authtok /usr/local/bin/fprint-auth
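
A fail-closed variant of the wrapper from the write-up above, as an added example that is not part of the original post: it keeps the password that `expose_authtok` pipes to the script's stdin away from sys-usb, bounds the wait with `timeout`, and logs the outcome. `QVM_RUN`, `USB_QUBE` and `VERIFY_TIMEOUT` are hypothetical variables, and it assumes, as the post's script does, that `fprintd-verify` exits non-zero when the finger does not match.

```shell
#!/bin/sh
# Added example: fail-closed variant of /usr/local/bin/fprint-auth for dom0.
# QVM_RUN, USB_QUBE and VERIFY_TIMEOUT are hypothetical knobs, not Qubes settings.
QVM_RUN="${QVM_RUN:-qvm-run}"
USB_QUBE="${USB_QUBE:-sys-usb}"
VERIFY_TIMEOUT="${VERIFY_TIMEOUT:-30}"

log() {
    # Record the outcome in the system log when logger is available.
    if command -v logger >/dev/null 2>&1; then
        logger -t fprint-auth -- "$1" || true
    fi
}

verify_fingerprint() {
    status=0
    # stdin comes from /dev/null: with expose_authtok, pam_exec writes the
    # login password to this script's stdin, and it must not reach sys-usb.
    timeout "$VERIFY_TIMEOUT" "$QVM_RUN" -q --no-gui -u root "$USB_QUBE" \
        fprintd-verify </dev/null >/dev/null 2>&1 || status=$?
    case "$status" in
        0)   log "fingerprint verified in $USB_QUBE"; return 0 ;;
        124) log "fingerprint check timed out after ${VERIFY_TIMEOUT}s" ;;
        *)   log "fingerprint check failed (status $status)" ;;
    esac
    # Anything other than a clean success denies the login.
    return 1
}

# Run the check only when installed under the name the PAM line calls.
case "$0" in
    */fprint-auth) verify_fingerprint; exit $? ;;
esac
```
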