Howdy is a program that imitates Windows Hello on Linux. It uses a computer's IR sensors and camera to verify a user's face.
Install the AUR package.
Setup Howdy to start when needed
In order for Howdy to authenticate a user, a small change must be added to any PAM configuration file where Howdy might want to be used. The following line must be added to any configuration file:
auth sufficient pam_python.so /lib/security/howdy/pam.py
Note: When using Howdy 3.0.0 BETA and above (AUR), the line should be:
auth sufficient /lib/security/pam_howdy.so
pam_howdy.so) as sufficient to any configuration file in
/etc/pam.d/ will only prompt for face authentication. This prevents the use of a password if you cannot
Ctrl+c face authentication (due to the lack of a shell). In order to use either a password or a face in a graphical interface, add the following line to the top of any files required:
auth sufficient pam_unix.so try_first_pass likeauth nullok
Add correct IR sensor
Determine the correct
/dev/videoX file connected to the IR sensor. This can be done through various programs such as , AUR or .
An example of doing this with a tool included in thepackage:
$ v4l2-ctl --list-devices Integrated_Webcam_HD: Integrate (usb-0000:00:14.0-11): /dev/video0 /dev/video1 EyeChip: Tobii Video (usb-0000:00:14.0-3.4.3): /dev/video4 /dev/video5 HD Webcam C525 (usb-0000:00:14.0-3.4.4): /dev/video2 /dev/video3
As seen in the example above, the command may show more than one webcam device, and for each device it may show multiple
/dev/videoX paths. Generally picking the first of the two paths will work fine.
If you have more than one webcam and/or IR sensor using a
/dev/videoX may be somewhat unstable overtime, as it may be prone to change paths if certain devices are unplugged and replugged back in. In this can consider using a more consistent path name supplied by Video4Linux in the
$ ls -l /dev/v4l/by-id total 0 lrwxrwxrwx 1 root root 12 Dec 3 15:01 usb-046d_HD_Webcam_C525_BE4703F0-video-index0 -> ../../video2 lrwxrwxrwx 1 root root 12 Dec 3 15:01 usb-046d_HD_Webcam_C525_BE4703F0-video-index1 -> ../../video3 lrwxrwxrwx 1 root root 12 Dec 3 14:47 usb-CNFGH19N306021000582_Integrated_Webcam_HD-video-index0 -> ../../video0 lrwxrwxrwx 1 root root 12 Dec 3 14:47 usb-CNFGH19N306021000582_Integrated_Webcam_HD-video-index1 -> ../../video1 lrwxrwxrwx 1 root root 12 Dec 3 14:47 usb-Tobii_Technology_AB_EyeChip_IS404-100109244721-video-index0 -> ../../video4 lrwxrwxrwx 1 root root 12 Dec 3 14:47 usb-Tobii_Technology_AB_EyeChip_IS404-100109244721-video-index1 -> ../../video5
You can validate that these
v4l paths do not change by unplugging and replugging your devices and then re-listing the directory.
Once the correct filename is found, edit
/lib/security/howdy/config.ini using either your preferred editor or with
howdy config (run as the root user). Change
device_path = null to
device_path = path_to_device:
# The path of the device to capture frames from # Should be set automatically by an installer if your distro has one device_path = path_to_device
To customize which editor
howdy config uses, set the
# EDITOR=editor howdy config
Add face to Howdy
In order to add a face model to Howdy, run
howdy add as the root user.
Secure the installation
Some versions of Howdy take webcam snapshots when authenticating a user, and save them in
/lib/security/howdy/snapshots. This can be considered a security hole. An attacker who has access could trivially find a snapshot corresponding to a successful login of the target user, print it, and use the printed photo to impersonate the target user, who presumably has more rights. Well, the attacker could also use any other photo of the target user, but Howdy simplifies the process too much.
To avoid this attack and also surprises about the disk space, disable taking snapshots in
[snapshots] capture_failed = false capture_successful = false
IR emitter does not work
If the IR camera is on and the IR emitter does not work, one possible situation is that you chose the wrong file. For example,
/dev/video2 both work fine to recognize your face, but only
/dev/video2 will turn on the IR emitter. So make sure you have checked all
Otherwise you should follow the instructions from linux-enable-ir-emitter to enable the IR emitter. Install the AUR package.
3.2.0-2, the package comes with the systemd service, so you may want to pick the version that suits you.
Testing your IR camera
It can be useful to first make verify that your IR camera functions correctly. A set of 10 jpg photos can be taken to test your device using thepackage with the following command:
gst-launch-1.0 v4l2src device=path_to_device num-buffers=10 ! image/jpeg ! multifilesink location="frame-%02d.jpg"
Howdy does not seem to work
Verify that Howdy is properly working by running
howdy test as root. If that seems to work, check any PAM configuration files and verify they are working. Some programs, such as SDDM , do not work properly with PAM, which may result in unexpected results.
Errors recognizing an input device
Some IR sensors (for example of the Thinkpad T480) need to have the frame width and height defined in the configuration file:
frame_width = 400 frame_height = 400
The width and height of your sensor output:
v4l2-ctl --list-devices --all.