=head1 NAME

pam_fprintd - PAM module to authenticate against fprintd, the fingerprint daemon

=head1 SYNOPSIS

B<pam_fprintd.so> [debug|debug=[I<on>|I<off>|I<true>|I<false>|I<1>|I<0>]] [max-tries=I<MAX_TRIES>] [timeout=I<TIMEOUT>]

=head1 DESCRIPTION

The pam_fprintd module is used to verify a user's fingerprints against fingerprints
enrolled using fprintd, the fingerprint management daemon.

=head1 OPTIONS

=over 8

=item B<debug>

=item B<debug=[I<on>|I<off>|I<true>|I<false>|I<1>|I<0>]>

Whether debug should be turned on or off. Debug messages will be generated using
pam_syslog which means that they will be saved in the systemd journal by default.

=item B<max-tries=I<MAX_TRIES>>

The number of attempts at fingerprint authentication to try before returning an
authentication failure. The minimum, and default, number of tries is 3.

=item B<timeout=I<TIMEOUT>>

The amount of time before returning an authentication failure. The default timeout
is 30 seconds, with 10 seconds being the minimum.

=back

=head1 LIMITATIONS

=over 8

=back

The PAM stack is by design a serialised authentication, so it is not
possible for pam_fprintd to allow authentication through passwords and
fingerprints at the same time.

It is up to the application using the PAM services to implement separate
PAM processes and run separate authentication stacks separately. This
is the way multiple authentication methods are made available to users
of gdm for example.

=head1 AUTHOR

B<fprintd> was written by Bastien Nocera.

=head1 SEE ALSO

=over 8

=item B<fprintd>, B<PAM>

=back