# pam_fprint issues [SOLVED]

## functionreturnfunction

I have a laptop with an AuthenTec AES1610 fingerprint reader.  libfprint, pam_fprint, and fprint_demo are installed like so:

```
[ebuild   R   ~] sys-auth/libfprint-0.4.0  USE="-debug -static-libs" 0 kB

[ebuild   R   ~] sys-auth/pam_fprint-0.2-r1  0 kB

[ebuild   R   ~] sys-auth/fprint_demo-0.4  0 kB
```

fprint_demo works, it scans fingerprint images and verifies/identifies fine.  My problem is that pam_fprint will accept any fingerprint for users that have prints registered.  For instance, I have my left and right index fingers registered, but it will authenticate me with my pinkies, thumbs, etc.  /etc/pam.d/system-auth is configured like so:

```
auth            required        pam_env.so 

auth            sufficient      pam_fprint.so

auth            sufficient      pam_unix.so try_first_pass likeauth nullok 

#auth           required        pam_unix.so try_first_pass likeauth nullok

auth            optional        pam_permit.so

 

account         required        pam_unix.so 

account         optional        pam_permit.so

 

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 

password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow 

password        optional        pam_permit.so

 

session         required        pam_limits.so 

session         required        pam_env.so 

session         required        pam_unix.so 

session         optional        pam_permit.so
```

Any suggestions?Last edited by functionreturnfunction on Wed Nov 16, 2011 10:55 pm; edited 2 times in total

----------

## functionreturnfunction

I also just noticed that for users that don't have any fingerprints registered, pam will currently accept any password, including a blank one.

----------

## functionreturnfunction

Just fixed this.  Like 3 in my /etc/pam.d/system-auth should have been "required" instead of "sufficient".

----------

