Hello, I have a little problem. I'm using Arch on my IBM x60s Thinkpad. First I have configured my System to use thinkfinger for authentification in the shell, gdm and on gnome-screensaver. That works really great. The next thing I wanted to do was to unlock a luks crypted volume on gdm login with my fingerprint. So I tried pam_mount, and added these two lines to my /etc/pam.d/gdm file:
auth optional pam_mount.so
session optional pam_mount.so
With this setup logon with fingerprint is not possible and I get asked for password twice. When I enter my password mounting is ok (my user pass and the pass for the encrypted volume are the same).
For security reasons is my pass over thirty digets and so very frustrating to enter.
I think pam_mount with thinkfinger there is no way to do this because pam_mount needs to get the password.
My question now is - is it possible to unlock gnome-keyring (with pam_keyring???) with thinkfinger input or is that the same issue? If I can store store the password in my keyring to use that for my luksOpen command would be great.
I think that both ways are not possible because one plain password is always needed. It would be great if there where a solution to use only a fingerprint instead of an password to encrypt and decrypt something (with a hash from the fingerprint or something else).
Any tip, idea or anything else is welcome. Thx for any help.