I want to modify the /etc/pam.d files such that the login window when the system boots asks for password only , but the authentication prompts inside the system can use fingerprint and password both.
it should ask for fingerprint with 3 tries and then password here 👆
motive for doing this is that i want to be able to use fingerprint after the system boots but i want to unlock the system with password when the system boots ,otherwise it gives “unlock with keyring” error
i tried to modify the pam.d files myself after referring the Arch wiki but there were just so many files in pam.d and each file also contains include of other files so I am basically confused how to tackle this problem
I will be very grateful if someone can try to help me figure this out , I have already wasted 3-4 hours by modiying each of the pam.d one by one, also I am newbie to arch linux, Thanks in advance
Just for your information, there is no apt-get in Manjaro.
APT is the Debian package management system, used also by Ubuntu, Mint, and a whole slew of other Debian derivatives.
Manjaro is an Arch derivative, and therefore it uses the ALPM package management system. The command to update Manjaro is…
sudo pacman -Syu
… or, if you want to include AUR packages, Snaps and FlatPaks all in one go…
pamac update
Note that pacman and pamac are two separate tools.
As for the fingerprint reader issue, I’m afraid I cannot help you with that, but the Arch Wiki pages you referenced in your post should be clear enough on what to edit and what not.
In order for anyone to assist
(I can’t, because I do not have a fingerprint sensor and could not try or verify any suggestion)
they would want to know what you already did - and preferably roll back everything to the original state before adding something in.
The first screenshot is very old, maybe GNOME 40 or 42? The second and third screenshots are from Ubuntu. Did you take those screenshots yourself or found them online? I’m guessing the latter since there is a different username in all three.
Yes, that’s by design. At first boot, one should login with a password so the keyring also gets unlocked.
If you setup fingerprint authentication in GNOME Settings, then there should be nothing additional to do.
Yes I was in a bit hurry so i used stock images from google(my bad )(i tried to edit the post later but it didnt show any edit option)
i know the picture is of ubuntu and contains apt-get which doesnt work in manjaro
i just used the picture for demonstration purposes indicate my issue , yes logging in fingerprint works with gnome but the issue is
if you login with fingerprint then the gnome keyring will not get unlocked and applications like bitwarden or chrome will prompt you to put password again anyways
that’s why i wanted to disable the fingerprint at login screen but keep it for everything else like sudo, authentication prompts
i tried various methods to bypass gnome keyring such as setting gnome keyring password to blank but it causes errors later on so this option is off the table
only option is to change the authentication hierarchy for login in pam.d but i dont know which file governs login prompts in gnome so i am stuck for now
On my example (I don’t use fingerprint reader, but Yubikey, and KDE instead of Gnome):
added lines to /etc/pam.d/sudo to use with sudo command
added lines to /etc/pam.d/polkit-1 to use with any polkit autenthication (eg. auth from Pamac GUI)
added lines to /etc/pam.d/kde to work with lock screen (and potentially with other KDE apps) – you probably won’t be able to do this because Gnome uses same pam to login and lock screen
do not touch /etc/pam.d/sddm because I want to unlock keyring on login so I need password login – you also shouldn’t touch /etc/pam.d/gdm-password (but if you want to enable fingerprint login you should just backup this file and rename /etc/pam.d/gdm-fingerprint to gdm-password)
