-
As mentioned in an [fprintd issue comment][1], we need to make sure that the stack's error status is taken from the main auth module, i.e. pam_fprintd, otherwise GDM will not behave correctly. Still use pam_faillock preauth so that we test whether the account is locked, but don't use authfail/authsucc to log a failure/success so this stack doesn't participate in triggering the lock. Ideally we would check which return values we actually want to treat as a reason to lock the account (e.g. fingerprint mismatch) and which are neutral (e.g. no fingerprints enrolled), but that's much more effort. Should fix [FS#71750][2]. [1]: https://gitlab.freedesktop.org/libfprint/fprintd/-/issues/112#note_1016191 [2]: https://bugs.archlinux.org/task/71750
5e415bb1
