diff -ur xdm/config/Xres.cpp xdm_bio/config/Xres.cpp
--- xdm/config/Xres.cpp	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/config/Xres.cpp	2006-01-13 23:34:57.000000000 +0100
@@ -27,6 +27,7 @@
 xlogin*namePrompt: \040\040\040\040\040\040\040Login:
 #endif /* XPM */
 xlogin*fail: Login incorrect
+xlogin*alternativeAuth: 0
 #ifdef XPM
 XHASHif WIDTH > 800
 xlogin*greetFont: -adobe-helvetica-bold-o-normal--24-240-75-75-p-138-iso8859-1
@@ -78,6 +79,7 @@
 xlogin*useShape: true
 xlogin*logoPadding: 10
 #endif /* XPM */
+xlogin*alternativeAuth: false
 
 XConsole.text.geometry:	480x130
 XConsole.verbose:	true
Pouze v xdm: CVS
diff -ur xdm/dm.h xdm_bio/dm.h
--- xdm/dm.h	2006-01-13 23:36:01.000000000 +0100
+++ xdm_bio/dm.h	2006-01-13 23:34:57.000000000 +0100
@@ -271,6 +271,7 @@
 	/* add new fields below this line, and preferably at the end */
 	Boolean		allow_null_passwd; /* allow null password on login */
 	Boolean		allow_root_login; /* allow direct root login */
+	Boolean		allow_pam_first; /* allow direct call of PAM without entering username and password */
 };
 
 /* setgroups is not covered by POSIX, arg type varies */
Pouze v xdm/greeter: CVS
diff -ur xdm/greeter/greet.c xdm_bio/greeter/greet.c
--- xdm/greeter/greet.c	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/greeter/greet.c	2006-01-13 23:34:57.000000000 +0100
@@ -293,9 +293,9 @@
 
     XtSetArg (arglist[0], XtNallowAccess, False);
     XtSetValues (login, arglist, 1);
-
     Debug ("dispatching %s\n", d->name);
-    done = 0;
+    
+    done = greet->allow_pam_first;
     while (!done) {
 	XtAppNextEvent (context, &event);
 	switch (event.type) {
@@ -352,6 +352,7 @@
     DrawFail (login);
     bzero (greet->name, strlen(greet->name));
     bzero (greet->password, strlen(greet->password));
+    greet->allow_pam_first = 0;
 }
 
 
@@ -363,6 +364,7 @@
     struct dlfuncs        *dlfuncs)
 {
     int i;
+    Arg		arglist[1];
 
 #ifdef GREET_LIB
 /*
@@ -418,6 +420,9 @@
 #ifdef __OpenBSD__
     openlog("xdm", LOG_ODELAY, LOG_AUTH);
 #endif
+    XtSetArg (arglist[0], XtNalternativeAuth, (char *) &(greet->allow_pam_first));
+    XtGetValues (login, arglist, 1);
+    Debug ("allow_pam_first from xresources xlogin*alternativeAuth = %d\n", greet->allow_pam_first);
     for (;;) {
 	/*
 	 * Greet user, requesting name/password
diff -ur xdm/greeter/Login.c xdm_bio/greeter/Login.c
--- xdm/greeter/Login.c	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/greeter/Login.c	2006-01-13 23:34:57.000000000 +0100
@@ -120,6 +120,11 @@
 /* end (amit) */
 #endif /* XPM */
 
+/* added by Josef Hajas */
+        {XtNalternativeAuth, XtCAlternativeAuth, XtRBoolean, sizeof(Boolean),
+        offset(alternativeAuth), XtRImmediate, (XtPointer) False},
+/* end (josef) */
+    
     {XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
     	offset (font), XtRString,	"*-new century schoolbook-medium-r-normal-*-180-*"},
     {XtNpromptFont, XtCFont, XtRFontStruct, sizeof (XFontStruct *),
diff -ur xdm/greeter/Login.h xdm_bio/greeter/Login.h
--- xdm/greeter/Login.h	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/greeter/Login.h	2006-01-13 23:34:57.000000000 +0100
@@ -112,6 +112,9 @@
 # define XtCAllowNullPasswd	"AllowNullPasswd"
 # define XtCAllowRootLogin	"AllowRootLogin"
 
+#define XtNalternativeAuth "alternativeAuth"
+#define XtCAlternativeAuth "AlternativeAuth"
+
 /* notifyDone interface definition */
 
 #ifdef __OpenBSD__
diff -ur xdm/greeter/LoginP.h xdm_bio/greeter/LoginP.h
--- xdm/greeter/LoginP.h	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/greeter/LoginP.h	2006-01-13 23:34:57.000000000 +0100
@@ -90,6 +90,7 @@
 	Boolean		allow_null_passwd; /* allow null password on login */
 	Boolean		allow_root_login; /* allow root login */
 	XIC		xic;		/* input method of input context */
+        Boolean 	alternativeAuth;/* biometrics support */
 #ifdef XPM
 	/*caolan begin*/
 	int lastEventTime;
diff -ur xdm/greeter/verify.c xdm_bio/greeter/verify.c
--- xdm/greeter/verify.c	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/greeter/verify.c	2006-01-13 23:34:57.000000000 +0100
@@ -507,6 +507,11 @@
 	PAM_BAIL;
 	pam_error = pam_setcred(*pamhp, 0);
 	PAM_BAIL;
+	/* if identification was performed, username is known now */
+	if (strlen (greet->name) == 0) {
+		pam_error = pam_get_user(*pamhp, &(greet->name), NULL);
+		PAM_BAIL;
+	}
 	p = getpwnam (greet->name);
 	endpwent();

diff -ur xdm/xdm.man xdm_bio/xdm.man
--- xdm/xdm.man	2006-01-13 23:36:00.000000000 +0100
+++ xdm_bio/xdm.man	2006-01-13 23:34:57.000000000 +0100
@@ -987,6 +987,11 @@
 if the account does not require a password at all.
 The default is ``false'', so only users that have passwords assigned can
 log in.
+.IP "\fBxlogin.alternativeAuth\fP"
+If set to ``true'', don't give prompt for the first time and directly call PAM.
+Give login box only after first PAM authorization fail. This is useful set to 
+``true'' if you have biometrics identification functional.
+The default is ``false''.
 .IP "\fBxlogin.Login.translations\fP"
 This specifies the translations used for the login widget.  Refer to the X
 Toolkit documentation for a complete discussion on translations.  The default
