Hi all,
I have been trying to figure out how to make both thinkfinger and pam_keyring to work nicely in Fedora 7. I found configuration examples for each of the modules, and they work well one at a time, but when combining configuration of both modules I get a dual password prompt at the login screen: after entering user name I get regular password prompt and then the prompt to type in password or swipe finger. It seems like the first one comes form pam_keyring and second from thinkfinger module. How do I configure PAM, so that I get only thinkfinger prompt and pam_keyring automatically "picks up" the credentials passed from thinkfinger?
My system-auth file:
Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_thinkfinger.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
and gdm file:
Code:
#%PAM-1.0
auth required pam_env.so
auth optional pam_keyring.so try_first_pass
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
session optional pam_console.so
session optional pam_keyring.so