pam_fprintd.so [debug|debug=[on|off|true|false|1|0]] [max-tries=MAX_TRIES] [timeout=TIMEOUT]
The pam_fprintd module is used to verify a user's fingerprints against fingerprints enrolled using fprintd, the fingerprint management daemon.
Whether debug should be turned on or off. Debug messages will be generated using pam_syslog which means that they will be saved in the systemd journal by default.
The number of attempts at fingerprint authentication to try before returning an authentication failure. The minimum, and default, number of tries is 3.
The amount of time before returning an authentication failure. The default timeout is 30 seconds, with 10 seconds being the minimum.
The PAM stack is by design a serialised authentication, so it is not possible for pam_fprintd to allow authentication through passwords and fingerprints at the same time.
It is up to the application using the PAM services to implement separate PAM processes and run separate authentication stacks separately. This is the way multiple authentication methods are made available to users of gdm for example.
fprintd was written by Bastien Nocera.