Difference between revisions of "Fprint"

From ArchWiki
Jump to: navigation, search
(Undo revision 287280 by Pizzapill (talk))
(27 intermediate revisions by 10 users not shown)
Line 1: Line 1:
 
[[Category:Input devices]]
 
[[Category:Input devices]]
{{i18n|fprint}}
+
[[bg:Fprint]]
 +
[[fa:Fprint]]
 +
From [http://www.freedesktop.org/wiki/Software/fprint/ the fprint homepage]:
  
From [http://reactivated.net/fprint/wiki/Pam_fprint Pam fprint - fprint project]:
+
:''The fprint project aims to plug a gap in the Linux desktop: support for consumer fingerprint reader devices.''
 
+
:''pam_fprint is a simple PAM module which uses libfprint's fingerprint processing and verification functionality for authentication. In other words, instead of seeing a password prompt, you're asked to scan your fingerprint.''
+
  
 
The idea is to use the built-in fingerprint reader in some notebooks for login using PAM. This article will also explain how to use regular password for backup login method (solely fingerprint scanner is not recommended due to numerous reasons).
 
The idea is to use the built-in fingerprint reader in some notebooks for login using PAM. This article will also explain how to use regular password for backup login method (solely fingerprint scanner is not recommended due to numerous reasons).
Line 10: Line 10:
 
== Prerequisites ==
 
== Prerequisites ==
  
First, make sure you have one of the supported finger scanners. You can check if your device is supported by checking [http://www.thinkwiki.org/wiki/Integrated_Fingerprint_Reader this] list of supported devices. To check which one you have, type
+
Make sure you have one of the supported finger scanners. You can check if your device is supported by checking [http://www.freedesktop.org/wiki/Software/fprint/libfprint/Supported_devices/ this] list of supported devices. To check which one you have, type
 
  # lsusb
 
  # lsusb
 
You need to install '''pam''' and '''libfprint'''.
 
# pacman -S pam libfprint
 
  
 
== Installation ==
 
== Installation ==
  
Some dependencies:
+
Install {{Pkg|fprintd}} from the [[official repositories]]. {{Pkg|imagemagick}} might also be needed.
# pacman -S libusb imagemagick
+
 
+
Once you made sure your reader is supported, you are good to go
+
# yaourt -Sb pam_fprint-git
+
Because the package is outdated it wants you to have libusb1. A package with that name does not exist; it has been renamed to libusb, without the ending 1. Therefore, you must change that in the PKGBUILD file when it asks you. Make sure it looks like this:
+
depends=('libusb' 'imagemagick' 'libtool')
+
  
 
== Configuration ==
 
== Configuration ==
  
=== Permissions ===
+
=== Login configuration ===
  
By default, only root has access to the device. You can create a signature from sudo, but then you can only use it for root user. The following solution from the Ubuntu forums may work for some people.
+
{{Note|If you use [[GDM]], the fingerprint-option is already available in the login menu. You can skip this section!}}
  
1. If the group plugdev doesn't exist, create it
+
Add {{ic|pam_fprintd.so}} as sufficient to the top of the auth section of {{ic|/etc/pam.d/system-local-login}}:
# groupadd plugdev
+
  
2. Add yourself to the group
+
{{hc|/etc/pam.d/system-local-login|
# gpasswd -a USER plugdev
+
'''auth      sufficient pam_fprintd.so'''
 +
auth      include  system-login
 +
...
 +
}}
  
3. Allow USB access
+
This tries to use fingerprint login first, and if if fails or if it finds no fingerprint signatures in the give user's home directory, it proceeds to password login.
# chgrp -R plugdev /dev/bus/usb/
+
  
=== Login configuration ===
+
You can also modify other files in {{ic|/etc/pam.d/}} in the same way, for example {{ic|/etc/pam.d/polkit-1}} for GNOME polkit authentication.
  
Modify the auth section of /etc/pam.d/login to this
+
=== Create fingeprint signature ===
auth      required pam_env.so
+
auth      sufficient  pam_fprint.so
+
auth      sufficient  pam_unix.so try_first_pass likeauth nullok
+
auth      required pam_deny.so
+
  
This tries to use fingerprint login first, and if if fails or if it finds no fingerprint signatures in the give user's home directory, it proceeds to password login.
+
To add a signature for a finger, run
 +
$ fprintd-enroll
  
You can also modify other files in /etc/pam.d/ using the same method, for example /etc/pam.d/gdm for GNOME's fingerprint login or /etc/pam.d/polkit-1 for GNOME PolicyKit Authentication.
+
You will be asked to scan the given finger. After that, the signature is created in {{ic|/var/lib/fprint/}}.
 
+
=== Create fingeprint signature ===
+
  
Now you should be able to run the program under a normal user. To see the usage, run
+
For more information, see {{ic|man fprintd}}.
$ pam_fprint_enroll --help
+
Chose one of the fingers and run
+
$ pam_fprint_enroll -f #
+
You will be asked to scan the given finger 3 times. After that, the signature is created in your home directory.
+
  
 
== Setup fingerprint-gui ==
 
== Setup fingerprint-gui ==
 +
{{out of date|packages do not exist anymore}}
  
 
An alternate fingerprint reader gui.
 
An alternate fingerprint reader gui.
Line 71: Line 55:
 
http://www.n-view.net/Appliance/fingerprint/
 
http://www.n-view.net/Appliance/fingerprint/
  
Install a dependency:
+
Install as dependency {{Pkg|libfakekey}} and {{Pkg|fingerprint-gui}}.
$ pacman -S libfakekey
+
 
+
Install fingerprint-gui from AUR
+
$ yaourt -S fingerprint-gui
+
  
 
Please make sure your user is a member of "plugdev" and "scanner" group if you use UPEK non-free library. You may also have to log out and back in for these changes to take effect.
 
Please make sure your user is a member of "plugdev" and "scanner" group if you use UPEK non-free library. You may also have to log out and back in for these changes to take effect.
Line 81: Line 61:
 
  # gpasswd -a USER scanner
 
  # gpasswd -a USER scanner
  
fingerprint-polkit-agent conflicts with files in /etc/xdg/autostart that must
+
fingerprint-polkit-agent conflicts with files in {{ic|/etc/xdg/autostart}} that must
 
be removed:
 
be removed:
 
  "polkit-gnome-authentication-agent-1.desktop" and
 
  "polkit-gnome-authentication-agent-1.desktop" and
 
  "polkit-kde-authentication-agent-1.desktop".
 
  "polkit-kde-authentication-agent-1.desktop".
  
Edit your PAM configuration
+
Edit your PAM configuration (e.g., {{ic|<nowiki>/etc/pam.d/{login,su,sudo,gdm}</nowiki>}}).
(e.g., /etc/pam.d/{login,su,sudo,gdm}).
+
  
Change the auth section to read
+
Change the auth section to read:
  
 
  auth      required pam_env.so
 
  auth      required pam_env.so
Line 96: Line 75:
 
  auth      required pam_deny.so
 
  auth      required pam_deny.so
  
Add this to your ~/.bashrc file if you get an error saying that it can't connect to X desktop.
+
Add this to your ~/.bashrc file if you get an error saying that it can't connect to X desktop (see [[Xhost#The_.27cannot_connect_to_X_server_:0.0.27_output|this]] for more details).
  xhost + &>
+
  xhost + >/dev/null
  
 
Now run fingerprint-gui and register fingerprints for the current user. You will need to run fingerprint-gui and register fingerprints as all users you want to use the fingerprint reader, i.e. as root to use it for "su" login.
 
Now run fingerprint-gui and register fingerprints for the current user. You will need to run fingerprint-gui and register fingerprints as all users you want to use the fingerprint reader, i.e. as root to use it for "su" login.

Revision as of 09:03, 9 December 2013

From the fprint homepage:

The fprint project aims to plug a gap in the Linux desktop: support for consumer fingerprint reader devices.

The idea is to use the built-in fingerprint reader in some notebooks for login using PAM. This article will also explain how to use regular password for backup login method (solely fingerprint scanner is not recommended due to numerous reasons).

Prerequisites

Make sure you have one of the supported finger scanners. You can check if your device is supported by checking this list of supported devices. To check which one you have, type

# lsusb

Installation

Install fprintd from the official repositories. imagemagick might also be needed.

Configuration

Login configuration

Note: If you use GDM, the fingerprint-option is already available in the login menu. You can skip this section!

Add pam_fprintd.so as sufficient to the top of the auth section of /etc/pam.d/system-local-login:

/etc/pam.d/system-local-login
auth      sufficient pam_fprintd.so
auth      include   system-login
...

This tries to use fingerprint login first, and if if fails or if it finds no fingerprint signatures in the give user's home directory, it proceeds to password login.

You can also modify other files in /etc/pam.d/ in the same way, for example /etc/pam.d/polkit-1 for GNOME polkit authentication.

Create fingeprint signature

To add a signature for a finger, run

$ fprintd-enroll

You will be asked to scan the given finger. After that, the signature is created in /var/lib/fprint/.

For more information, see man fprintd.

Setup fingerprint-gui

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: packages do not exist anymore (Discuss in Talk:Fprint#)

An alternate fingerprint reader gui. This works with libfprint-unstable which has support for the new Upeksonly readers, such as, the new Thinkpad W510 T510 T410 T420 Upeksonly reader with USB ID 147e:2016

http://www.thinkwiki.org/wiki/Integrated_Fingerprint_Reader

http://www.n-view.net/Appliance/fingerprint/

Install as dependency libfakekey and fingerprint-gui.

Please make sure your user is a member of "plugdev" and "scanner" group if you use UPEK non-free library. You may also have to log out and back in for these changes to take effect.

# gpasswd -a USER plugdev
# gpasswd -a USER scanner

fingerprint-polkit-agent conflicts with files in /etc/xdg/autostart that must be removed:

"polkit-gnome-authentication-agent-1.desktop" and
"polkit-kde-authentication-agent-1.desktop".

Edit your PAM configuration (e.g., /etc/pam.d/{login,su,sudo,gdm}).

Change the auth section to read:

auth       required pam_env.so
auth       sufficient   pam_fingerprint-gui.so
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
auth       required pam_deny.so

Add this to your ~/.bashrc file if you get an error saying that it can't connect to X desktop (see this for more details).

xhost + >/dev/null

Now run fingerprint-gui and register fingerprints for the current user. You will need to run fingerprint-gui and register fingerprints as all users you want to use the fingerprint reader, i.e. as root to use it for "su" login.