Comment 11 for bug 1532264

Mh, ok... I didn't think much about this as that was something possible using gnome-control-center UI or just dbus-calls.

In fact gnome-contrl-center doesn't require any unlocking operation for setting the fingerprints, by default.

However pfrintd already supports policykit correctly, so IMHO we can be safe in shipping also that binary, the only important needed action for us is to patch the file 'net.reactivated.fprint.device.policy' so that the allow_active is set to auth_self_keep instead of yes (auth_self would be more restrictive, but prompting the password again during the enroll process isn't nice).

By doing that both fprintd-enroll and fprintd-delete will just require an user authentication, such as gnome-control-center.