Fingerprint Authentication Setup for Arch Linux
Complete guide for setting up fingerprint authentication on Arch Linux with SDDM and Hyprland.
Prerequisites
- Arch Linux with SDDM display manager
- Hyprland window manager
- A working fingerprint reader
Installation
1. Install Required Package
sudo pacman -S fprintd
2. Enroll Your Fingerprint
# Enroll your fingerprint (follow the prompts - scan multiple times)
fprintd-enroll antonis
# Verify it works
fprintd-verify antonis
Replace antonis with your actual username.
Configuration
3. Configure PAM for System Authentication
Edit /etc/pam.d/system-auth:
sudo vim /etc/pam.d/system-auth
Add this line after the first pam_faillock.so preauth line:
auth sufficient pam_fprintd.so
Your file should look like:
#%PAM-1.0
auth required pam_faillock.so preauth
auth sufficient pam_fprintd.so
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth [success=2 default=ignore] pam_systemd_home.so
auth [success=1 default=bad] pam_unix.so try_first_pass nullok
auth [default=die] pam_faillock.so authfail
auth optional pam_permit.so
auth required pam_env.so
auth required pam_faillock.so authsucc
4. Configure PAM for SDDM Login
Edit /etc/pam.d/sddm:
sudo vim /etc/pam.d/sddm
Use this configuration:
#%PAM-1.0
auth sufficient pam_fprintd.so max_tries=3
auth required pam_shells.so
auth requisite pam_nologin.so
auth include system-auth
-auth optional pam_gnome_keyring.so
-auth optional pam_kwallet5.so
account include system-login
password include system-login
-password optional pam_gnome_keyring.so use_authtok
session optional pam_keyinit.so force revoke
session include system-login
-session optional pam_gnome_keyring.so auto_start
-session optional pam_kwallet5.so auto_start
5. Configure PAM for Screen Lock (Hyprlock)
Create or edit /etc/pam.d/hyprlock:
sudo vim /etc/pam.d/hyprlock
Add:
#%PAM-1.0
auth sufficient pam_fprintd.so
auth include system-auth
Testing
Test Sudo
sudo echo "fingerprint test"
You should see a fingerprint prompt instead of password.
Test SDDM Login
- Log out or reboot
- At the SDDM login screen, select your username
- Press Enter (don’t type a password)
- Place your finger on the fingerprint reader
- You should be logged in
Test Screen Lock
Lock your screen (close laptop lid if configured), then unlock with your fingerprint.
Troubleshooting
Fingerprint Not Working
Check if the service is running:
systemctl status fprintd.service
Note: The service is socket-activated and starts on-demand, so it’s normal if it shows as inactive.
Check Enrolled Fingerprints
fprintd-list your-username
Re-enroll Fingerprint
fprintd-delete your-username
fprintd-enroll your-username
Check Logs
journalctl -u fprintd -f
Then try to authenticate in another terminal to see live logs.
Check kernel messages
dmesg | grep -i finger
Notes
- SDDM Behavior: With most SDDM themes (including Chili), pressing Enter triggers fingerprint authentication. Password authentication at SDDM may not work when fingerprint is enabled due to PAM flow.
- Sudo: Fingerprint works perfectly with sudo when configured in
system-auth. - Security: Failed fingerprint attempts don’t trigger account lockout (faillock only applies to password attempts).
- The
sufficientkeyword means: if fingerprint succeeds, authentication is complete; if it fails, it tries the next authentication method.
Optional: Customize SDDM Text
If using the Chili theme, you can customize the placeholder text:
sudo vim /usr/share/sddm/themes/chili/components/LoginForm.qml
Find line below and change:
placeholderText: "Fingerprint Authentication"
Save and restart SDDM:
sudo systemctl restart sddm
System Information
This guide was tested on:
- OS: Arch Linux
- Display Manager: SDDM with Chili theme
- Window Manager: Hyprland
- Screen Locker: Hyprlock