On 3/3/21 11:02 AM, Pavel Březina wrote:
On 3/2/21 10:21 PM, Ray Strode wrote:
> Hi,
>
> On Tue, Mar 2, 2021, 11:20 AM Pavel Březina <pbrezina(a)redhat.com> wrote:
>> Can you reiterate the problem? The snippet above don't tell me much.
> Sorry, let me summarize (but also see Benjamin's email).
>
> Right now, if fingerprint auth is disabled in authselect, it's not
> disabling fingerprint auth at the graphical login screen.
>
> To disable fingerprint auth at the login screen, it needs to write out
> a dconf file to tweak the enabled authentication methods.
> I'm pretty sure it used to do this, or at least authconfig did.
>
> If it doesn't disable it in the dconf config, the login screen will
> try to use it. It will then fail, and the user will see an error
> message
> blink by 3 times as it keeps retrying.
Authselect writes dconf but apparently it is missing from the minimal
profile, I'll add it there.
https://github.com/authselect/authselect/issues/237
https://bodhi.fedoraproject.org/updates/FEDORA-2021-d2afa6dc55
I'll also prepare F33 build.
> Now, on to Benjamin's point, if the fingerprint-auth service
returned
> AUTHINFO_UNAVAIL, then the login screen would treat the
> failure as a "service unavailable" failure, and know not to retry,
> which would be better that status quo. It would fix the user
> experience,
> but it's still not as good as not trying in the first place.
>
> Of course, it wouldn't have to be an either/or. authselect could
> write out the dconf config, and make sure the fingerprint-auth stub
> service returns PAM_AUTHINFO_UNAVAIL instead of falling back to
> PAM_AUTH_ERR from the pam_deny in /etc/pam.d/other
https://github.com/authselect/authselect/issues/238
> make sense?
Yes, thank you. I opened the tickets and will fix them soon.
>
> --Ray
>
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure