
Fingerprint Reader

Linux can use fingerprint readers through fprintd. It allows the Pluggable Authentication Modules (PAM) stack to check for registered biometric data before falling back to standard password entry.

Installation

Install the standard fingerprint imaging daemon from the official repositories:

sudo pacman -S fprintd

Enrollment

GNOME and KDE both offer fingerprint enrollment via their settings apps. Enrolling fingerprints this way also allows you to unlock your desktop session.

If you'd rather enroll via the terminal, use fprintd-enroll:

fprintd-enroll

Verify that the system stored your fingerprint and can read the biometric data:

fprintd-verify

Configuring PAM

In order to use your fingerprint to authenticate sudo prompts in the terminal and on the desktop through Polkit, some additional setup is required.

sudo

WARNING: Always keep a separate terminal window open with an active root shell (sudo -s) while modifying PAM configurations. There are no sanity checks in place, and an incorrect configuration can lock you out of your system.

Open the sudo configuration file:

sudo nano /etc/pam.d/sudo

Insert the pam_fprintd.so module as sufficient directly below the file header. This instructs PAM to succeed immediately if a fingerprint matches, and to fall through cleanly to the password prompt if it does not.

#%PAM-1.0
auth      sufficient pam_fprintd.so
auth      include    system-auth
account   include    system-auth
session   include    system-auth

Verify that everything works as expected by opening a new terminal window and starting an interactive root shell with sudo -i. The system should prompt you to touch the fingerprint reader with a finger you enrolled.

Polkit

To allow the graphical authentication prompts in GNOME and KDE to accept biometric input, modify the Polkit PAM configuration:

sudo nano /etc/pam.d/polkit-1

Replicate the structure used for sudo:

#%PAM-1.0

auth       sufficient   pam_fprintd.so
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth
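The warning above notes that PAM performs no sanity checks of its own. As an added example (not part of fprintd, the distribution, or this page), the POSIX shell function below reads a PAM service file such as /etc/pam.d/sudo or /etc/pam.d/polkit-1 and confirms that the fingerprint rule is laid out as described in both sections: one auth rule for pam_fprintd.so, marked sufficient, placed ahead of the auth include system-auth line that provides the password fallback. The function names check_fprintd_pam and write_pam_samples and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added sanity check for a PAM service file (/etc/pam.d/sudo or
# /etc/pam.d/polkit-1). Not part of fprintd or the distribution: it only
# reads the file and reports whether the fingerprint rule sits where the
# page puts it. Returns 0 when the layout is right, 1 otherwise.
# Checked on the non-comment lines, in order:
#   1. exactly one "auth ... pam_fprintd.so" rule exists;
#   2. its control is "sufficient" (required/requisite would make a
#      working reader mandatory and can lock users out);
#   3. an "auth include system-auth" rule follows it, so a failed or
#      missing fingerprint still falls through to the password prompt.
check_fprintd_pam() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }    # skip header and blanks
        { n++ }                                            # position of this rule
        $1 == "auth" && $3 == "pam_fprintd.so" { fp++; fp_pos = n; fp_ctrl = $2 }
        $1 == "auth" && $2 == "include" && $3 == "system-auth" && !inc_pos { inc_pos = n }
        END {
            if (fp != 1) { print FILENAME ": expected one auth pam_fprintd.so rule, found " fp+0; exit 1 }
            if (fp_ctrl != "sufficient") { print FILENAME ": control is " fp_ctrl ", expected sufficient"; exit 1 }
            if (!inc_pos) { print FILENAME ": no auth include system-auth fallback"; exit 1 }
            if (fp_pos > inc_pos) { print FILENAME ": pam_fprintd.so must precede the system-auth include"; exit 1 }
            print FILENAME ": ok"
        }
    ' "$file"
}

# Constructed sample files (not real system configuration) for a dry run.
write_pam_samples() {
    dir="$1"
    # Layout from the page: fingerprint first, password fallback after it.
    printf '#%%PAM-1.0\nauth sufficient pam_fprintd.so\nauth include system-auth\naccount include system-auth\nsession include system-auth\n' > "$dir/good"
    # Fingerprint rule after the include: the password prompt comes first
    # and the "sufficient" short-circuit is lost.
    printf '#%%PAM-1.0\nauth include system-auth\nauth sufficient pam_fprintd.so\n' > "$dir/late"
    # "required" turns an unplugged or failing reader into a hard failure.
    printf '#%%PAM-1.0\nauth required pam_fprintd.so\nauth include system-auth\n' > "$dir/required"
}

samples=$(mktemp -d)
write_pam_samples "$samples"
for f in good late required; do check_fprintd_pam "$samples/$f" || :; done
rm -rf "$samples"
```

Run it against the real file with check_fprintd_pam /etc/pam.d/sudo from your spare root shell before closing it; a non-zero exit means the layout differs from the one shown above.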