Hi, On Tue, Mar 2, 2021, 11:20 AM Pavel Březina <pbrez...@redhat.com> wrote: > Can you reiterate the problem? The snippet above don't tell me much. Sorry, let me summarize (but also see Benjamin's email).
Right now, if fingerprint auth is disabled in authselect, it's not disabling fingerprint auth at the graphical login screen. To disable fingerprint auth at the login screen, it needs to write out a dconf file to tweak the enabled authentication methods. I'm pretty sure it used to do this, or at least authconfig did. If it doesn't disable it in the dconf config, the login screen will try to use it. It will then fail, and the user will see an error message blink by 3 times as it keeps retrying. Now, on to Benjamin's point, if the fingerprint-auth service returned AUTHINFO_UNAVAIL, then the login screen would treat the failure as a "service unavailable" failure, and know not to retry, which would be better that status quo. It would fix the user experience, but it's still not as good as not trying in the first place. Of course, it wouldn't have to be an either/or. authselect could write out the dconf config, and make sure the fingerprint-auth stub service returns PAM_AUTHINFO_UNAVAIL instead of falling back to PAM_AUTH_ERR from the pam_deny in /etc/pam.d/other make sense? --Ray _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
