So, new (old) laptop.

I recently got my hands on a Lenovo Thinkpad X1 carbon extreme gen4. A nice if somewhat noisy 16" laptop with abysmal battery life.

But, it's got a fingerprint reader.

$ sudo dnf install fprintd libfprint fprintd-pam
$ authselect enable-feature with-fingerprint
$ authselect apply-changes

That should do it.. if you've got a gen4.

Upon reboot the fingerprint option will appear in your gnome settings panel.

Not running gnome?

$ fprintd-enroll $USER

Anyways. The SUDO command also asks for a fingerprint, which may or may not be annoying. Since my machine is docked and attached to two screens while at work, having to use fingerprint for SUDO is a no-go.

(as root)
$ cp /etc/pam.d/system-auth /etc/pam.d/system-auth-no-fingerprint

Remove the line containing pam_fprintd.so from system-auth-no-fingerprint.

Make a backup of /etc/pam.d/sudo and edit the file so that it looks like this.

#%PAM-1.0
auth       include      system-auth-no-fingerprint
account    include      system-auth-no-fingerprint
password   include      system-auth-no-fingerprint
session    optional     pam_keyinit.so revoke
session    required     pam_limits.so
session    include      system-auth-no-fingerprint

That should do the trick.

Now, how the heck do I unlock my login chain with fingerprint..