So I got my Framework 13 AI in this past week and have been testing different distros I use, including Fedora, EndeavourOS, and, of course, Solus, which is what I am going with on it. I knew I would need to set up the fingerprint reader and had seen a few other posts in the forum on what they had done, mainly with GNOME. With KDE there are some things that I found a bit different, and this was the same with EndeavourOS. Fedora is no problem because they use the authselect package, which is a more automated tool, but requires SELinux.
I did try just using system-auth, but due to some of the issues around SDDM, it caused issues, mainly with it taking 30 seconds to log in if you entered the password. I actually do not really want to use fingerprint for SDDM, so I just removed it from there. What I did want was for it to work for lock screen and sudo requests.
Here is what I did to achieve it. It works well, but I would still consider it a WIP as I do want to test other things out.
Step 1: Install fprintd
sudo eopkg install fprintd
Step 2: Enroll at least one Fingerprint
- System Settings -> Users -> Your Account
- You should see Configure Fingerprint Authentication. If you do not, reboot.
- Click that and add Fingerprints.
Step 3: Create pam.d in /etc
sudo mkdir /etc/pam.d
Step 4: Copy over pam.d files that we will modify (kde-fingerprint is optional for now)
sudo cp /usr/share/defaults/etc/pam.d/sudo /etc/pam.d/
sudo cp /usr/share/defaults/etc/pam.d/kde-fingerprint /etc/pam.d/
Step 5: Modify sudo config file in /etc/pam.d/
You will add auth sufficient pam_fprintd.so after #%PAM-1.0. It should look like this afterwards:
#%PAM-1.0
auth sufficient pam_fprintd.so
auth include system-auth
account include system-auth
session include system-auth
Save changes!
Step 6: Test
This should work without needing to reboot, but if it doesn't, reboot and test it. As mentioned, this is a WIP.
sudo Test
You should be able to test it by opening another terminal and trying to run a command with sudo. If fingerprint fails 3x, it will prompt for sudo password.
It should also prompt you if you make any system changes or install software through Discover that are Solus packages. It won't prompt for Flatpak, as those do not require elevated permission.
Lockscreen Test
You can also test the lock screen by locking your system and seeing the login prompt. You should have the option for either password or fingerprint now.
Disclaimer
This is all just in the testing phase right now and a WIP. This is similar to what I did for EndeavourOS, but there are some differences. I will see about getting more areas fleshed out, like SDDM, when I get some time. Since it is not technically part of Plasma, it works a bit differently and I generally do not use fingerprint there, so I am not as familiar with the setup, if anyone wants to jump in on that.
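A check for the Step 5 edit, added here as an example and not part of the original post: it confirms that pam_fprintd.so is marked sufficient and that another auth line (the system-auth include) still follows it, which is what gives the password prompt after failed fingerprint attempts. The function name and return codes are this example's own.

```shell
#!/bin/sh
# Added example: verify a PAM service file edited as in Step 5 (e.g. /etc/pam.d/sudo).
# Return codes are this example's own convention:
#   0 ok, 1 unreadable file, 2 no pam_fprintd.so auth line,
#   3 pam_fprintd.so is not "sufficient", 4 no auth fallback after it.
check_pam_fprintd() {
    file=$1
    [ -r "$file" ] || return 1
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments (incl. #%PAM-1.0) and blanks
        { type = $1; sub(/^-/, "", type) }   # "-auth" is still an auth line
        type != "auth" { next }
        /pam_fprintd\.so/ {
            if (!seen && $2 != "sufficient") bad_flag = 1
            seen = 1
            next
        }
        seen { fallback = 1 }   # any later auth line, e.g. "auth include system-auth"
        END {
            if (!seen)     exit 2
            if (bad_flag)  exit 3
            if (!fallback) exit 4
        }
    ' "$file"
}

# Demo on a constructed copy of the Step 5 file (does not touch /etc).
demo=$(mktemp)
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_fprintd.so' \
    'auth include system-auth' 'account include system-auth' \
    'session include system-auth' > "$demo"
if check_pam_fprintd "$demo"; then
    echo "ok: fingerprint is sufficient and the password fallback is kept"
fi
rm -f "$demo"
```

Run the function against /etc/pam.d/sudo after saving, and keep an already-elevated shell open in another terminal until a fresh sudo prompt has been tested.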