From 31d3a6a2ffc0987a80e56d14709ea1a7ef2df4b2 Mon Sep 17 00:00:00 2001
From: petRUShka <petrushkin@yandex.ru>
Date: Sun, 23 Apr 2023 19:38:47 +0300
Subject: [PATCH] [fprintd] add ability to press enter and proceed to
 fingerprint authentication.

Adding pam_fprintd.so as sufficient to any configuration file in /etc/pam.d/ when a fingerprint signature is present will only prompt for fingerprint authentication. This prevents the use of a password if you cannot Ctrl+c fingerprint authentication (due to the lack of a shell). In order to use either a password or a fingerprint in a graphical interface, add the following line to the top of any files required:

```
auth		sufficient  	pam_unix.so try_first_pass likeauth nullok
auth		sufficient  	pam_fprintd.so
...
```

This will prompt for a password; pressing Enter on a blank field will proceed to fingerprint authentication.
---
 roles/thinkpad/templates/pam.d/sudo.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/thinkpad/templates/pam.d/sudo.j2 b/roles/thinkpad/templates/pam.d/sudo.j2
index f5b1198..2f3ef27 100644
--- a/roles/thinkpad/templates/pam.d/sudo.j2
+++ b/roles/thinkpad/templates/pam.d/sudo.j2
@@ -1,5 +1,6 @@
 {% if fingerprint == True %}
-auth            sufficient      pam_fprintd.so
+auth		sufficient  	pam_unix.so try_first_pass likeauth nullok
+auth		sufficient  	pam_fprintd.so
 {% endif %}
 auth            include         system-auth
 account         include         system-auth