No password is necessary to config the fingerprint reader. I think this is a security issue:
1. Persons with physical access can scan their own fingerprint. So they can do everything that is allowed for this specific user.
2. If the user owns system privileges (sudo) the person has access to the hole system.
In Debian and Fedora you can use your fingerprint also in terminal. In Arch I cannot reproduce this behaviour. There must be a differences regarding implementation of the software.
People cried foul in 2011, but didn't test the recommended work-around:
First, gnome-control-center was calling EnrollStart without allowing for authentication, which means the request would always fail.
After fixing that, when enrolling, fprintd would request a polkit authentication synchronously to the polkit agent (usually gnome-shell) which would spawn a PAM conversation, which includes pam_fprintd by default. pam_fprintd would be trying to call out to fprintd, which is still waiting for the polkit response.
This would require fprintd changes to make all the polkit permission checks asynchronous, which means it's harder than simply changing a configuration file.
*** Bug 103627 has been marked as a duplicate of this bug. ***
*** Bug 105418 has been marked as a duplicate of this bug. ***
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/libfprint/fprintd/issues/5.