Setting up PIN unlock for Ubuntu Linux

One of the best Windows 10 features is that you can use a PIN to log in faster than typing your password. Of course with Windows Hello you can log in even faster, but fingerprint scanning is often unreliable, and not many laptops have the IR camera required for the facial unlock feature. Wouldn’t it be great if you could use a PIN to log in to your Linux desktop too?


It turns out that you can. The following instructions are for Ubuntu, but they should also work on derivates like Zorin OS 16, which I tested the feature on.

First, let’s open the terminal and update the apt sources just to be sure:

sudo apt update

Now, let’s install some stuff that we need. First, let’s add a PAM (Linux Pluggable Authentication modules) module that will enable us to authenticate via an /etc/passwd-like file:

sudo apt install -y libpam-pwdfile

Let’s also install whois as it is not 100% percent that you have the mkpasswd command available. If you do, this command will not break anything anyway:

sudo apt install whois

Now the fun begins. For these steps, we assume that you are using GDM as your graphical login manager. If you are using something else, go on and Google a bit on what file you will need to edit instead of gdm-password.

Let’s switch to the root user, make a backup copy of the gdm-password file and generate the encrypted PIN file. For the third command be sure to change “myusername” to your username 🙂

sudo -i
cp /etc/pam.d/gdm-password /etc/pam.d/gdm-password_ORIGINAL
echo "myusername:$(mkpasswd -5)" > /etc/custompinfile

After running the third line, you will be prompted for a password. Enter the PIN code you desire there.

Okay, now all that is left is to tell gdm-password to use the PIN file we created. Open up gdm-password with root privileges with your favorite editor. To keep things simple, just use gedit like this:

sudo gedit /etc/pam.d/gdm-password

Note: If you are still using the same terminal, you will not even need to add sudo at the front as you will still have root privileges.

In the editor, add the following line after “%PAM-1.0”:

auth    sufficient  pam_pwdfile.so pwdfile=/etc/custompinfile

The beginning of the file now should look like this:

Save the file, close the editor and prepare to test if it works. First, you need to log out and log back in using your normal password. Restarting your computer works fine too. Now after you lock your screen with the [Super] + [L] key combination, in the password input field you can use both your password or your PIN to log back in.

If something goes wrong

You can boot in recovery mode and enter the terminal to fix things. The following command will restore the original gdm-password file and we didn’t change anything else that could break the system:

cp /etc/pam.d/gdm-password_ORIGINAL /etc/pam.d/gdm-password

Pros and cons

Pro

  • More secure than Windows as you cannot use the PIN code for the first time you try to log in after starting up your computer and you can’t gain root privleges with it. For that you still need your password.

Contra

  • You need to press the [Enter] key after entering the PIN code. This is better on Windows, where you don’t need to…

One thought on “Setting up PIN unlock for Ubuntu Linux

Leave a Reply

Your email address will not be published. Required fields are marked *