Fingerprint authentication in DE pop-ups

fl4nd1 · Today 17:33:31

This was happening as soon as I added fprintd to system-auth I think, I also just reversed this (https://wiki.archlinux.org/title/Fprint#Fingerprint_authentication_is_not_taking_effect_in_the_Polkit_agent.) troubleshooting step and nothing changed

fl4nd1 · Today 17:59:58

Just noticed that the KDE lock screen instead of giving me the little text below the password "(or scan your fingerprint on the reader)" will sometimes display a big text above the prompt "place your right index finger on the fingerprint scanner" and after doing it will give me a "Unlock" button.
It seems which one it uses is random.

I have no idea if this is caused by some problem with KDE or the changed settings with PAM

Last edited by fl4nd1 (Today 18:00:31)

seth · Today 18:09:34

Do you have a journal covering the "pkexec ls" situation?
Th lockscreen isn't sddm - no idea whether it'll use its pam config, though.

fl4nd1 · Today 18:23:23

Here is what I found

Jun 11 20:22:14 polkit-kde-auth[1594]: Listener adapter polkit_qt_listener_initiate_authentication
Jun 11 20:22:14 polkit-kde-auth[1594]: GSimpleAsyncResult: 0x7f65300028f0
Jun 11 20:22:14 polkit-kde-auth[1594]: polkit_qt_listener_initiate_authentication callback for  0x558754fd66d0
Jun 11 20:22:14 polkit-kde-auth[1594]: Initiating authentication
Jun 11 20:22:14 polkit-kde-auth[1594]: Action description has been found
Jun 11 20:22:14 polkit-kde-auth[1594]: qrc:/qml/QuickAuthDialog.qml:57:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 70. Use 'sequences: [ <key> ]' to bind to all of them.
Jun 11 20:22:14 polkit-kde-auth[1594]: User:  "unix-user:endi"
Jun 11 20:22:14 polkit-kde-auth[1594]: Trying again
Jun 11 20:22:15 polkit-kde-auth[1594]: showInfo
Jun 11 20:22:15 polkit-kde-auth[1594]: Info:  "Place your right index finger on the fingerprint reader"
Jun 11 20:22:18 polkit-kde-auth[1594]: Dialog accepted
Jun 11 20:22:45 polkit-kde-auth[1594]: showInfo
Jun 11 20:22:45 polkit-kde-auth[1594]: Info:  "Verification timed out"
Jun 11 20:22:45 polkit-kde-auth[1594]: REQUEST
Jun 11 20:22:45 polkit-kde-auth[1594]: Request:  "Password: "  echo:  false
Jun 11 20:22:45 polkit-kde-auth[1594]: COMPLETED
Jun 11 20:22:45 polkit-kde-auth[1594]: Completed:  true
Jun 11 20:22:45 polkit-kde-auth[1594]: Finishing obtaining privileges
Jun 11 20:22:45 polkit-kde-auth[1594]: Listener adapter polkit_qt_listener_initiate_authentication_finish
Jun 11 20:22:45 polkit-kde-auth[1594]: polkit_qt_listener_initiate_authentication_finish callback for  0x558754fd66d0
Jun 11 20:22:45 polkit-kde-auth[1594]: Finish obtain authorization: true
Jun 11 20:22:45 polkit-kde-auth[1594]: Dialog cancelled
Jun 11 20:22:45 polkit-kde-auth[1594]: Finishing obtaining privileges
Jun 11 20:22:45 polkit-kde-auth[1594]: Finish obtain authorization: true

seth · Today 18:59:14

Looks like the previous flatpak situation - minus flatpak.
What if you imitate the behavior suggested for SDDM?

…
auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
auth       [success=2 new_authtok_reqd=done default=ignore]  pam_fprintd.so
…

fl4nd1 · Today 19:03:11

Just tried this, same behaviour...

Here's the logs

Jun 11 21:02:04 polkit-kde-auth[1594]: Listener adapter polkit_qt_listener_initiate_authentication
Jun 11 21:02:04 polkit-kde-auth[1594]: GSimpleAsyncResult: 0x7f653001b760
Jun 11 21:02:04 polkit-kde-auth[1594]: polkit_qt_listener_initiate_authentication callback for  0x558754fd66d0
Jun 11 21:02:04 polkit-kde-auth[1594]: Initiating authentication
Jun 11 21:02:04 polkit-kde-auth[1594]: Action description has been found
Jun 11 21:02:04 polkit-kde-auth[1594]: qrc:/qml/QuickAuthDialog.qml:57:5: QML Shortcut: Shortcut: Only binding to one of multiple key bindings associated with 70. Use 'sequences: [ <key> ]' to bind to all of them.
Jun 11 21:02:04 polkit-kde-auth[1594]: User:  "unix-user:endi"
Jun 11 21:02:04 polkit-kde-auth[1594]: Trying again
Jun 11 21:02:05 polkit-kde-auth[1594]: showInfo
Jun 11 21:02:05 polkit-kde-auth[1594]: Info:  "Place your right index finger on the fingerprint reader"
Jun 11 21:02:08 polkit-kde-auth[1594]: Dialog accepted
Jun 11 21:02:35 polkit-kde-auth[1594]: showInfo
Jun 11 21:02:35 polkit-kde-auth[1594]: Info:  "Verification timed out"
Jun 11 21:02:35 polkit-kde-auth[1594]: REQUEST
Jun 11 21:02:35 polkit-kde-auth[1594]: Request:  "Password: "  echo:  false
Jun 11 21:02:35 polkit-kde-auth[1594]: COMPLETED
Jun 11 21:02:35 polkit-kde-auth[1594]: Completed:  true
Jun 11 21:02:35 polkit-kde-auth[1594]: Finishing obtaining privileges
Jun 11 21:02:35 polkit-kde-auth[1594]: Listener adapter polkit_qt_listener_initiate_authentication_finish
Jun 11 21:02:35 polkit-kde-auth[1594]: polkit_qt_listener_initiate_authentication_finish callback for  0x558754fd66d0
Jun 11 21:02:35 polkit-kde-auth[1594]: Finish obtain authorization: true
Jun 11 21:02:35 polkit-kde-auth[1594]: Dialog cancelled
Jun 11 21:02:35 polkit-kde-auth[1594]: Finishing obtaining privileges
Jun 11 21:02:35 polkit-kde-auth[1594]: Finish obtain authorization: true

seth · Today 19:16:49

Hold on

if I scan my fingerprint Ente Auth opens immediately, if I enter my password it waits for about 15 seconds greying out the text box, then reopens polkit again, inserting the password the second time opens Ente Auth.

This is only when *not* using the fingerprint, right?
Same w/ other agents?
https://wiki.archlinux.org/title/Polkit … ion_agents

I think what happens is that the agent times out waiting for the fingerprint and only then resorts to handling the password.
Are there any buttons that allow you to control what to use?

fl4nd1 · Today 19:25:48

Yes, only when **not** using the fingerprint.
I can't verify for other agents, I have hyprland installed but not properly configured since I got a new laptop and wanted to do stuff from scratch.

There aren't any buttons to control what I use but if I press ok for the first popup w/o typing a password I can skip the waiting for fingerprint

seth · Today 19:32:32

You do not have that problem w/ "sudo ls" (you can use either fingerprint or password and there're no delays)?
I suspect installing and running https://archlinux.org/packages/extra/x8 … policykit/ and killing polkit-kde-authentication-agent-1 might work (no idea whether it'll behave better in this way)

fl4nd1 · Today 19:34:33

Yeah, sudo works fine.
Now I'll try with the LXQt polkit.

fl4nd1 · Today 19:38:29

Ok by using the lxqt one it just gives me a popup with a prompt to scan the fingerprint and an ok button, and if I press it a couple of times I can use a password prompt

Arch Linux

#26 Today 17:33:31

Re: Fingerprint authentication in DE pop-ups

#27 Today 17:59:58

Re: Fingerprint authentication in DE pop-ups

#28 Today 18:09:34

Re: Fingerprint authentication in DE pop-ups

#29 Today 18:23:23

Re: Fingerprint authentication in DE pop-ups

#30 Today 18:59:14

Re: Fingerprint authentication in DE pop-ups

#31 Today 19:03:11

Re: Fingerprint authentication in DE pop-ups

#32 Today 19:16:49

Re: Fingerprint authentication in DE pop-ups

#33 Today 19:25:48

Re: Fingerprint authentication in DE pop-ups

#34 Today 19:32:32

Re: Fingerprint authentication in DE pop-ups

#35 Today 19:34:33

Re: Fingerprint authentication in DE pop-ups

#36 Today 19:38:29

Re: Fingerprint authentication in DE pop-ups

Board footer