I have been using a Apple Macintosh M1 Powerbook for a year now and I have grown accustom to using the fingerprint reader to login into the device rather then type my password every time to unlock it. Which was why when I received a new Lenovo P1 ThinkPad that had Synaptics Prometheus MIS Touch fingerprint reader running Fedora 39, I was intrigued to see if I could get the reader to be used to authenticate my username.
Luckily this process was a little more trivial then I thought it would be since Freedesktop.org has the fprintd daemon. However I found it a little more distracting finding a comprehensive set of steps. Further not all fingerprint readers are supported so you have to determine if the driver is supported or not. In my case my reader was supported. The rest of this blog will briefly outline the steps on order to successfully authenticate with the fingerprint reader.
The first step is to install the required packages on the system:
$ sudo dnf install fprintd fprintd-pam
Then enable fprintd.service and start it with systemclt.
$ sudo systemclt start fprintd.service
We can check that the service is running by using systemctl status. I do want to point out thought that the service will stop after a few tries if no fingerprints are enrolled so do not be alarmed.
$ sudo systemclt status fprintd.service
Next let's erase any old fingerprint data in the event this was used before. In most cases this step is not required but to be thorough it will not hurt.
$ fprintd-delete $USER
Now we are ready to enroll a fingerprint. Once you execute the fprintd-enroll service we need to take our index finger and place it on the fingerprint reader multiple times until we get back to a command prompt.
$ fprintd-enroll
We can use the fprintd-verify command confirm our fingerprint works because we make our PAM authentication changes. When we execute the command we need to put our index finger on the fingerprint reader and it should return to a prompt with an exit status of 0 if successful.
$ fprintd-verify
Now that we have verified our fingerprint works lets make the configuration changes that ensure PAM can use our fingerprint for authentication.
$ sudo authselect enable-feature with-fingerprint $ sudo authselect apply-changes
We can verify our changes by running the following commands.
$ sudo authselect current
At this point we can go ahead and reboot the laptop.
When we arrive at the login screen click on the username. Then we get either the classic password login or we can also use the fingerprint reader. The latter of which should log us in when we place our index finger on the reader.
Again this might be trivial but I found it interesting enough to want to write a quick blog about it to at least capture the experience. Hopefully this will help someone else who might be struggling trying to get their fingerprint reader to work.
