Fingerprint Authentication on a Lenovo Z13 and Fedora 40
howto fedora fingerprint pam auth
2024-10-27
I've previously used fingerprint authentication on Thinkpads in the very distant past. There have been a lot of changes to the software stack since then, so I had to rediscover how to make the fingerprint reader work. I'm using Fedora 40. I don't actually think any of these instructions are Z13 or Thinkpad specific, but YMMV.
First, install the fprintd package and start the service:
$ sudo dnf install fprintd
$ sudo systemctl enable fprintd
Enrol some fingerprints:
$ fprintd-enroll
You'll need to touch the fingerprint reader multiple times (sometimes many times!) to build the model of your fingerprint. If you want to register a specific finger, you can so with the -f flag. From the man page, the supported finger identifiers are:
For fprintd-enroll, the finger to enroll. Possible values are:
left-thumb, left-index-finger, left-middle-finger, left-ring-finger, left-little-finger,
right-thumb, right-index-finger, right-middle-finger, right-ring-finger, right-little-finger.
Once you have registered your fingerprints, you can check with:
$ fprintd-verify
Next, you need to tell the system to include fingerprint login in the available authentication methods. This was new territory for me, as I wasn't familiar with authselect, which because the default management interface for authentication back in Fedora 28.
To check that fingerprint authentication is available:
$ authselect list-features local
You should see the with-fingerprint capability. Now, we add this to our profile, and then apply the new configuration:
$ sudo authselect enable-feature with-fingerprint
$ sudo authselect apply-changes
Now, reboot the system to apply the new authentication profile. There is probably a way to do this without rebooting, but I didn't research that far. Once rebooted, open a terminal, and invoke something with sudo to test authentication:
$ sudo ls
Place your finger on the fingerprint reader
You should now be able to authenticate.