From dff39dc42d624e0ed969a603e958d6d680b979e1 Mon Sep 17 00:00:00 2001
From: Benjamin Berg <bberg@redhat.com>
Date: Fri, 9 Apr 2021 17:00:15 +0200
Subject: [PATCH] Return PAM_AUTHINFO_UNAVAIL from pam_fprintd.so

GDM/gnome-shell expects being able to tell apart various failure modes
from the pam_fprintd.so. However, using "sufficient" means that the
generic error code from pam_deny.so will be returned.

Use default=bad, to ensure that the failing error code from
pam_fprintd.so is correctly exposed to GDM.
---
 fingerprint-auth.pamd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fingerprint-auth.pamd b/fingerprint-auth.pamd
index aae6ecc..8254379 100644
--- a/fingerprint-auth.pamd
+++ b/fingerprint-auth.pamd
@@ -2,7 +2,7 @@
 # This file is auto-generated.
 # User changes will be destroyed the next time authselect is run.
 auth        required      pam_env.so
-auth        sufficient    pam_fprintd.so
+auth        [success=done default=bad] pam_fprintd.so
 auth        required      pam_deny.so
 
 account     required      pam_unix.so