- pam_fprint is a simple PAM module which uses libfprint's fingerprint processing and verification functionality for authentication. In other words, instead of seeing a password prompt, you're asked to scan your fingerprint.
The idea is to use the built-in fingerprint reader in some notebooks for login using PAM. I will also explain how to use regular password for backup login method (solely fingerprint scanner is not recommended due to numerous reasons).
First, make sure you have one of the supported finger scanners. You can check if your device is supported by checking this list of supported devices. To check which one you have, type
You need to install pam and libfprint.
# pacman -S pam libfprint
Once you made sure your reader is supported, you are good to go
# pacman -S pam_fprint
This is the tricky part. By defaut, only root has access to the device. You can create a signature from sudo, but then you can only use it for root user. After digging at the Ubuntu forums I found out the following solution which worked for me.
1. If the group plugdev doesn't exist (didn't for me), create it
2. Add yourself to the group
# gpasswd -a USER plugdev
3. Allow USB access
# chgrp -R plugdev /dev/bus/usb/
Modify the auth section of /etc/pam.d/login to this
auth required pam_env.so auth sufficient pam_fprint.so auth sufficient pam_unix.so try_first_pass likeauth nullok auth required pam_deny.so
This tries to use fingerprint login first, and if if fails or if it finds no fingerprint signatures in the give user's home directory, it proceeds to password login.
Create fingeprint signature
Now you should be able to run the program under a normal user. To see the usage, run
$ pam_fprint_enroll --help
Chose one of the fingers and run
$ pam_fprint_enroll -f #
You will be asked to scan the given finger 3 times. After that, the signature is created in your home directory.