Fprint

From ArchWiki
Revision as of 19:05, 2 December 2010 by Alakazam (Talk | contribs) (Login configuration)

Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.


Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어


External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Background

From Pam fprint - fprint project:

pam_fprint is a simple PAM module which uses libfprint's fingerprint processing and verification functionality for authentication. In other words, instead of seeing a password prompt, you're asked to scan your fingerprint.

The idea is to use the built-in fingerprint reader in some notebooks for login using PAM. I will also explain how to use regular password for backup login method (solely fingerprint scanner is not recommended due to numerous reasons).

Prerequisites

First, make sure you have one of the supported finger scanners. You can check if your device is supported by checking this list of supported devices. To check which one you have, type

# lsusb

You need to install pam and libfprint.

# pacman -S pam libfprint

Installation

Once you made sure your reader is supported, you are good to go

# pacman -S pam_fprint

Configuration

Permissions

This is the tricky part. By defaut, only root has access to the device. You can create a signature from sudo, but then you can only use it for root user. After digging at the Ubuntu forums I found out the following solution which worked for me.

1. If the group plugdev doesn't exist (didn't for me), create it

2. Add yourself to the group

# gpasswd -a USER plugdev

3. Allow USB access

# chgrp -R plugdev /dev/bus/usb/

Login configuration

Modify the auth section of /etc/pam.d/login to this

auth       required pam_env.so
auth       sufficient   pam_fprint.so
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
auth       required pam_deny.so

This tries to use fingerprint login first, and if if fails or if it finds no fingerprint signatures in the give user's home directory, it proceeds to password login.