How can I force login with password when fingerprint is set?

Hello. This might be a noob question but I am a noob.
I use the fingerprint reader of my thinkpad to authenticate system-wide but its behaviour is not exactly what I want and I don’t sufficiently understand PAM rules to set things how I’d like.

In /etc/pam.d, I have added the following line to system-auth:

auth sufficient pam_fprintd.so [max-tries=2] [timeout=0]

This way, I can make two attempts for 10s to authenticate through fingerprint, and if I fail both or if the timer runs out, it asks for my user password.
However, if I input the wrong password, it starts the cycle over with the fingerprint authentication. How do I make sure I only have two 10s attempts at first and then the system only accepts passwords?

Moreover, the gnome keyring isn’t unlocked when a user logs in with fingerprints. Because of this, and to make sure I have to input the password at least once, I would like LightDM to accept logging in with only my password. But if I add:

auth required pam_unix.so

at the beginning of /etc/pam.d/lightdm, I get the opportunity to use the password once and if I fail, I’m asked for my fingerprint. How can I properly set up PAM rules to work around this?


Replying to myself just in case someone stumbles upon this topic:
I managed to do this by removing

auth sufficient pam_fprintd.so [max-tries=2] [timeout=0]

from system-auth. Instead, I put it in the pam files for sudo, xfce4-screensaver, and finally in /usr/lib/pam.d/polkit-1 which handles authentication for pamac etc. This lets lightdm out of the loop so it requires my password and unlocks the gnome keyring.

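Added example, not part of the original posts: a small Python check that resolves `include`/`substack` lines and reports which services end up with pam_fprintd.so in their effective auth stack, so you can confirm that lightdm no longer inherits fingerprint login from system-auth. The function names are hypothetical and the pam.d files it writes are constructed, simplified samples, not a real distribution's files.

```python
import os, pathlib, tempfile

def parse_line(line):
    """Split one PAM rule into (type, control, module); None for blanks/comments."""
    tokens = line.split("#", 1)[0].split()
    i = 1
    if len(tokens) > 1 and tokens[1].startswith("["):  # control like [success=1 default=ignore]
        while i < len(tokens) and not tokens[i].endswith("]"):
            i += 1
    if i + 1 < len(tokens):
        return tokens[0].lstrip("-"), " ".join(tokens[1:i + 1]), tokens[i + 1]

def auth_stack(service, pam_dirs, seen=()):
    """Flatten a service's auth rules, following include/substack lines."""
    path = next((p for d in pam_dirs if os.path.isfile(p := os.path.join(d, service))), None)
    if path is None or service in seen:  # missing file or include loop
        return []
    stack = []
    for rule in map(parse_line, pathlib.Path(path).read_text().splitlines()):
        if rule and rule[0] == "auth" and rule[1] in ("include", "substack"):
            stack += auth_stack(rule[2], pam_dirs, seen + (service,))
        elif rule and rule[0] == "auth":
            stack.append((rule[1], rule[2], service))
    return stack

def fingerprint_services(pam_dirs, services):
    """Services whose effective auth stack calls pam_fprintd.so."""
    return [s for s in services if any(
        os.path.basename(m) == "pam_fprintd.so" for _, m, _ in auth_stack(s, pam_dirs))]

FPRINT = "auth sufficient pam_fprintd.so [max-tries=2] [timeout=0]\n"

def build_tree(root, in_system_auth):
    """Write a constructed, simplified pam.d layout (not a real distribution's files)."""
    files = {"system-auth": (FPRINT if in_system_auth else "") + "auth required pam_unix.so\n",
             "system-login": "auth include system-auth\n",
             "lightdm": "auth include system-login\n-auth optional pam_gnome_keyring.so\n",
             "sudo": ("" if in_system_auth else FPRINT) + "auth include system-auth\n"}
    for name, body in files.items():
        pathlib.Path(root, name).write_text(body)

def demo():
    out = {}
    for label, flag in (("before", True), ("after", False)):  # question vs. reply layout
        with tempfile.TemporaryDirectory() as root:
            build_tree(root, flag)
            out[label] = fingerprint_services([root], ["lightdm", "sudo"])
    return out

if __name__ == "__main__":
    print(demo())
```

On a real machine, call `fingerprint_services(["/etc/pam.d", "/usr/lib/pam.d"], ["lightdm", "sudo", "polkit-1"])`; the first directory in the list wins when a service file exists in both.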