Trying to use Windows Hello in openSUSE Tumbleweed+WSL2

Hi,

I’m running openSUSE Tumbleweed under WSL2 in Windows 11. I want to use my built-in fingerprint reader instead of typing my password every time using sudo. There is even a project allowing to do that already: https://github.com/nullpo-head/WSL-Hello-sudo.

But here comes the issue: it only supports Ubuntu/Debian. Most of the install.sh script works (however, you have to specify PAM module directory as /lib64/security for x64 OS instead of default /lib/security) but if fails on pam-config creation. It expects pam config directory to be found in ‘/usr/share/pam-configs’ which doesn’t exist in openSUSE.

So my questions are:

  • Is there a suitable pam config directory in openSUSE? Where can it be found?
  • If answer to the previous question is NO then how can I add this Windows Hello PAM module manually or using pam-config?

I’ve already spent quite some time searching but still no luck.

Thank you in advance.

The PAM config is quite easy - just add “auth sufficient pam_wsl_hello.so” to /usr/etc/pam.d/sudo:

cat /usr/etc/pam.d/sudo
#%PAM-1.0
auth sufficient pam_wsl_hello.so
auth include common-auth
account include common-account
password include common-password
session optional pam_keyinit.so revoke
session include common-session

session optional pam_xauth.so

But I found an issue with the module https://github.com/nullpo-head/WSL-Hello-sudo/issues/42. pam_get_user gets the wrong username in OpenSUSE