Package: libpam-fprintd
Version: 1.94.2-2
Severity: normal
Dear Maintainer,
max_tries for pam fprintd is set to 1 in Debian/Ubuntu, which means no
retry. I would expect at least some retries when I have a failed
fingerprint auth attempt.
It comes from this commit:
commit d90232eaf6ce050ed494d9fb9cd8464ba595468f
Author: Didier Raboud <o...@debian.org>
Date: Mon May 14 20:18:40 2012 +0200
Allow one to configure max_tries and timeout with a patch.
diff --git a/debian/pam-configs/fprintd b/debian/pam-configs/fprintd
index 1c79d52..365e3dd 100644
--- a/debian/pam-configs/fprintd
+++ b/debian/pam-configs/fprintd
@@ -4,4 +4,4 @@ Priority: 260
Conflicts: fprint
Auth-Type: Primary
Auth:
- [success=end default=ignore] pam_fprintd.so
+ [success=end default=ignore] pam_fprintd.so max_tries=1
timeout=10 # debug
That has been in there for 10 years, but in my opinion it makes fingerprint
reading in Debian/Ubuntu totally unusable, because at least on my P1
Thinkpad the fingerprint reader is not reliable enough/I hit not well
enough and I get false negatives quite often, after I changed that
max_tries to 3 it is much more fun to use, because I can actually try again
when it fails and I don't always have to fall back to typing my password.
It then behaves more like my phone which is I guess by now expected
behaviour (and I guess also the quality fingerprint readers have
nowadays).
I reached out to the author of the commit, Didier 'OdyX' Raboud, he said
"As you can see from the commit date, this is more than 10 (! wow) since I
committed this, during a period during which I was maintaining fprintd &co.
My last upload on fprintd was in 2016. I have never since re-tried using
pam_fprintd on any of the laptops I use.
I definitely and clearly don't insist that this patch is correct,
meaningful or relevant nowadays. With my now-non-expert eyes, this seems to
warrant a bugreport to Debian for removal, indeed."
Cheers,
Marcus
--
:: Marcus More-Thiesen :: blog.thiesen.org :: @mthiesen :: 0173 / 28 01 82
4 ::
