Add sudo auth section
Add section explaining that ansible and fingerprint auth do not mix. Explain how to disable it for sudo.
25
framework.md
@@ -2,6 +2,29 @@
|
|||||||
|
|
||||||
## Fingerprint Sensor
|
## Fingerprint Sensor
|
||||||
|
|
||||||
|
### Sudo Auth
|
||||||
|
|
||||||
|
Running ansible playbooks becomes impossible with the default fingerprint
|
||||||
|
configuration. Unfortunately, it's best to disable fingerprint auth for sudo
|
||||||
|
tasks. The way to do this is by editing /etc/pam.d/sudo and commenting out
|
||||||
|
pam_fprintd.so
|
||||||
|
|
||||||
|
```conf
|
||||||
|
auth required pam_env.so
|
||||||
|
#auth sufficient pam_fprintd.so
|
||||||
|
auth sufficient pam_unix.so try_first_pass likeauth nullok
|
||||||
|
auth required pam_deny.so
|
||||||
|
auth include system-auth
|
||||||
|
account include system-auth
|
||||||
|
session include system-auth
|
||||||
|
```
|
||||||
|
|
||||||
|
Note: setting timeout=10 and max-retries=1 per the [pam_fprintd man
|
||||||
|
page](https://www.mankier.com/8/pam_fprintd) does not seem to work. For some
|
||||||
|
reason, ansible never hits the password authentication method and times out.
|
||||||
|
|
||||||
|
### Errors
|
||||||
|
|
||||||
"Device disconnected" on enrolling
|
"Device disconnected" on enrolling
|
||||||
|
|
||||||
If you've enrolled fingerprints in another OS or in a previous installation you
|
If you've enrolled fingerprints in another OS or in a previous installation you
|
||||||
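Review bot: the `auth sufficient pam_unix.so try_first_pass likeauth nullok` line in the added conf block carries `nullok`, so once fingerprint auth is commented out the documented sudo stack accepts an account with an empty password. Say whether that line is the distribution default being shown for context, or drop `nullok` from the example. The `auth include system-auth` line that follows `auth required pam_deny.so` cannot change the auth result, and the text does not say whether the block is the whole of /etc/pam.d/sudo or an excerpt, so state explicitly that the only intended edit is the commented `#auth sufficient pam_fprintd.so` line. It would also help to add one sentence on scope: this change affects sudo only, and fingerprint auth for other PAM services is untouched.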
@@ -25,5 +48,3 @@ sudo python framework/libfprint_delete_device_prints.py -d
|
|||||||
```
|
```
|
||||||
|
|
||||||
That's it! Should work again.
|
That's it! Should work again.
|
||||||
|
|
||||||
## Secure Boot
|
|
||||||
|
|||||||
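Review bot: the `## Secure Boot` heading at the end of the file is removed in this hunk, but the commit message only mentions adding the sudo auth section. If dropping the empty heading is intentional, mention it in the commit message or move it to its own commit, so the history shows why the Secure Boot placeholder disappeared.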