LinuxCommandLibrary

fprintd-verify

Verify a fingerprint against enrolled fingerprints

TLDR

Verify all stored fingerprints for the current user

$ fprintd-verify
copy

Verify a specific fingerprint for the current user
$ fprintd-verify [[-f|--finger]] [left-thumb|left-index-finger|left-middle-finger|left-ring-finger|left-little-finger|right-thumb|...]
copy

Verify fingerprints for a specific user
$ fprintd-verify [username]
copy

Verify a specific fingerprint for a specific user
$ fprintd-verify [[-f|--finger]] [finger_name] [username]
copy

Fail the process if a fingerprint doesn't match with ones stored in the database for the current user
$ fprintd-verify --g-fatal-warnings
copy

Display help
$ fprintd-verify [[-h|--help]]
copy

SYNOPSIS

fprintd-verify [OPTIONS]

PARAMETERS

--help
    Display a help message and exit.

--version
    Display version information and exit.

DESCRIPTION

fprintd-verify is a command-line utility used to verify a user's fingerprint against previously enrolled biometric data. Part of the fprintd (fingerprint daemon) ecosystem, its primary function is to prompt the user to scan their finger and then compare the captured biometric information with the fingerprints already stored for that specific user. This tool is often invoked internally by authentication mechanisms, such as the PAM (Pluggable Authentication Modules) module pam_fprintd, to enable biometric login or sudo authentication. It exits with a status code of 0 on successful verification and a non-zero value on failure, making it suitable for scripting and integration into larger authentication workflows.

CAVEATS

The fprintd daemon must be running for fprintd-verify to function. Users must have at least one fingerprint enrolled using fprintd-enroll prior to verification. Success depends on the quality of the fingerprint scan and the sensor hardware. Polkit policies may affect its execution permissions, potentially requiring administrative privileges for certain operations.

EXIT STATUS

fprintd-verify returns an exit status of 0 on successful fingerprint verification, indicating that the scanned fingerprint matches an enrolled one. A non-zero exit status indicates failure, which could be due to a mismatch, a poor scan, or an error in communication with the fprintd daemon.

POLKIT INTEGRATION

The command utilizes Polkit (formerly PolicyKit) for authentication and authorization. This means that appropriate Polkit rules must be in place to allow a user to perform fingerprint verification, especially in graphical environments or when escalated privileges are involved. The exact rules may vary depending on the system configuration.

HISTORY

fprintd-verify is a component of the libfprint and fprintd project, which aims to provide a standardized framework for fingerprint reader support on Linux. Developed to integrate seamlessly with desktop environments like GNOME and KDE, the project allows users to utilize fingerprint authentication for system login, sudo, and other authentication prompts. The command's existence reflects the increasing adoption of biometric security features in mainstream Linux distributions.

SEE ALSO

fprintd(8), fprintd-enroll(1), fprintd-delete(1), pam_fprintd(8)

Copied to clipboard