With fingerprint check enabled, the login process can happen without password or the fingerprint itself

[oncethor]

Distribution

Mint 21.1 (Vera)

Package version

5.6.8

Graphics hardware in use

NVIDIA UNIX x86_64 Kernel Module 535.113.01

Frequency

Always

Bug description

I have a Lenovo P16s and I have enabled the fingerprint reader essentialy as described here

$ sudo apt install libpam-fprintd
... reboot ...
$ fprintd-enroll -f [finger]
...

All works very well I have to say. I have been using this for more than a week.

But I have just discovered that, at login time, if I don't put my finger on the reader, I can simply click on "Log in" and log into the system, whereas normally I'd enter my password.
There's only my user on the system.

Steps to reproduce

• have a computer with the fingerprint reader
• install pam module for fingerprint as also described here https://blog.horner.tj/mint-fingerprint-auth-x1c7/
• reboot
• enroll your fingerprints
• use the system, especially sudo commands which work as expected
• logout and reboot
• on login, don't put your finger, don't enter the password, just click on the button "Log in", you will be granted access.

Expected behavior

At login time you should enter the right password, or have the right finger on the reader.
Note that all the other functionalities seem to be working as expected (e.g. sudo)

Additional information

The auth.log reported the following while I was logging in just by pressing "Log in":

Oct 24 08:37:51 p16 systemd-logind[1110]: New seat seat0.
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event2 (Power Button)
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event1 (Lid Switch)
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event0 (Sleep Button)
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event9 (Intel HID events)
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event3 (AT Translated Set 2 keyboard)
Oct 24 08:37:51 p16 systemd-logind[1110]: Watching system buttons on /dev/input/event4 (ThinkPad Extra Buttons)
Oct 24 08:37:54 p16 lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm(uid=112) by (uid=0)
Oct 24 08:37:54 p16 systemd-logind[1110]: New session c1 of user lightdm.
Oct 24 08:37:54 p16 systemd: pam_unix(systemd-user:session): session opened for user lightdm(uid=112) by (uid=0)
Oct 24 08:37:54 p16 lightdm: gkr-pam: gnome-keyring-daemon started properly
Oct 24 08:37:55 p16 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "antonio"
Oct 24 08:37:56 p16 lightdm: gkr-pam: no password is available for user
Oct 24 08:38:02 p16 systemd-logind[1110]: Removed session c1.
Oct 24 08:38:02 p16 lightdm: pam_unix(lightdm:session): session opened for user antonio(uid=1000) by (uid=0)
Oct 24 08:38:02 p16 systemd-logind[1110]: New session c2 of user antonio.
Oct 24 08:38:02 p16 systemd: pam_unix(systemd-user:session): session opened for user antonio(uid=1000) by (uid=0)
Oct 24 08:38:02 p16 lightdm: gkr-pam: gnome-keyring-daemon started properly
Oct 24 08:38:03 p16 polkitd(authority=local): Registered Authentication Agent for unix-session:c2 (system bus name :1.79 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_GB.UTF-8)

[keereets]

I think this is happening because the fingerprint sensor, somehow, holds the fingerprint image when you turn on the laptop, so that at log-in time, it has already validated the fingerprint and allows you to log-in.
In fact, if I try to turn on the laptop by pushing on the button with an unregistered finger, the log-in screen will show an "failed fingerprint" message without touching the sensor.
So @leigh123linux I think we can close this as not a bug.

[anaximeno]

Uhm, so there should be an option to disable this then (if it isn't already).