linux

[SOLVED] How to make i3lock and fprint friends on Thinkpad?

Good evening!
Given:
Thinkpad T420 laptop with Upek Eikon 2 fingerprint scanner
Clean Ubuntu 14.04 + awesome + i3lock deployed
Using dpkg installed libfprint0, libpam-fprint and fprint-demo from the 12.04 repository (didn't want to compile or pull in policykit+systemd dependencies)
Settings:
executed pam-auth-update and entered fingerprints with fprint_demo
Result:
Successful authentication in consoles using scanner or password. Unfortunately, i3lock only accepts passwords
Task:
Authenticate to i3lock using a fingerprint reader
Thanks in advance for your advice
PS Six months ago I managed to solve this problem by editing /etc/pam.d/i3lock. But, unfortunately, it was not possible to google their detailed description now. [Optional]
Solution:
1) The user must be a member of the plugdev group
2) The .fprint directory in the user's home directory must be writable by the user
3) Fprint_demo for fingerprinting must be run as the user
4) To enable the fingerprint scanner in when i3lock is running, you need to press Enter
5) Login with a password will become impossible, because. pressing enter instead of ayauthentication will only launch the fingerprint scanner
Solution note #5:
1) In the pam.d/i3lock file, instead of links to other files, recursively lay out their contents
2) Swap line fragments:
Before:

auth    [success=2 default=ignore]      pam_fprint.so 
auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass

It became:

auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_fprint.so

For the lazy, I post the contents of the /etc/pam.d/i3lock file

auth       optional   pam_faildelay.so  delay=3000000
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
auth       requisite  pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session       required   pam_env.so readenv=1
session       required   pam_env.so readenv=1 envfile=/etc/default/locale
auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_fprint.so
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so
auth       optional   pam_group.so
session    required   pam_limits.so
session    optional   pam_lastlog.so
session    optional   pam_motd.so  motd=/run/motd.dynamic noupdate
session    optional   pam_motd.so
session    optional   pam_mail.so standard
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

PS Be careful, because. deleting references in /etc/pam.d/i3lock blocks the application of recursive security updates for this
PPS file We managed to find a compromise: After running pam-auth-update, edit /etc/pam.d/common-auth according to the example:

auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_fprint.so

Now, to use the fingerprint scanner, you always and everywhere need to press Enter and only then scan.