So, new (old) laptop.
I recently got my hands on a Lenovo Thinkpad X1 carbon extreme gen4. A nice if somewhat noisy 16" laptop with abysmal battery life.
But, it's got a fingerprint reader.
$ sudo dnf install fprintd libfprint fprintd-pam $ authselect enable-feature with-fingerprint $ authselect apply-changes
That should do it.. if you've got a gen4.
Upon reboot the fingerprint option will appear in your gnome settings panel.
Not running gnome?
$ fprintd-enroll $USER
Anyways. The SUDO command also asks for a fingerprint, which may or may not be annoying. Since my machine is docked and attached to two screens while at work, having to use fingerprint for SUDO is a no-go.
(as root) $ cp /etc/pam.d/system-auth /etc/pam.d/system-auth-no-fingerprint
Remove the line containing pam_fprintd.so from system-auth-no-fingerprint.
Make a backup of /etc/pam.d/sudo and edit the file so that it looks like this.
#%PAM-1.0 auth include system-auth-no-fingerprint account include system-auth-no-fingerprint password include system-auth-no-fingerprint session optional pam_keyinit.so revoke session required pam_limits.so session include system-auth-no-fingerprint
That should do the trick.
Now, how the heck do I unlock my login chain with fingerprint..