I'm using a fingerprint reader on my laptop, works pretty well:
$sudo echo hi
Please swipe your finger:
[swipe finger here of course]
This is accomplished using pam_fprint
auth sufficient pam_fprint.so
Like I said, it works nicely... until I try to SSH in and sudo something remotely, when it will ask me kindly to swipe my finger over the reader that's attached to the laptop which is on my desk at home thirty kilometres away. Naturally there's no method built into pam_fprint to abort via a keypress.
So, is there any way to tell PAM to only use certain modules if I'm in a locally logged in session?