Talk:How to enable integrated fingerprint reader with BioAPI
Contents
chmod 777 -R /usr/local/var/bioapi/
Is the above necessary? I just made a debian package of xscreensaver with the patch applied, and when using the bioapi debian pacakge from Michael R. Crusoe's site which has this directory put in /usr/var/bioapi I had not to change the permissions to world-writeable there. Write access to the logfile and usb device are necessary, but that directory works with 755 as well (even though it comes with 777 in Michael's package), and all files and subdirectories are 644/755 too.
--spiney 00:08, 11 Nov 2005 (CET)
Qt Compilation Success
Here it worked with qt ;)
--
I didn't get it to work anyway, but I'm curious about your Qt version(s) as it seemed to want Qt 3 when I was playing with it.
--keegan 05:07, 24 Dec 2005 (CET)
using absolute paths for commands
I don't know whether using absolute paths in the articles is a good idea, at least not for tools like lsusb
which are not established utilities (i.e. used for more than a decade or something ;)) and happen to be in different locations in different distributions. E.g. said lsusb
resides in /usr/sbin on Debian systems.
--spiney 16:45, 12 Nov 2005 (CET)
I'm using debian testing and it's in /usr/bin. I agree that the confusion is bad; dropping the absolute paths and adding a general note about checking $PATH
in case of problems is probably good.
--keegan
BioAPI error #3
Its kind of strage it used to work with everythig (kdm,console,lock,etc) Now it only works with kdm. It allways gives back:
pam_bioapi[8113]: Unable to initialize Bioapi framework, BioAPI error #:3.
Even when I set the right permissions on /proc/bus/usb.
I am able to run the Sample program as normal user after setting the permissions, but when I change within a user session by su I amnot able to run the Sample program a also get an error Code #3.
From an other terminal (alt+strg+Fx) I am able to run the Sample program but at the login I still get the error #3.
I cant remember to have changed anything an d bevor I was able to login in a console with my fingerprint now only kdm is working even kde lock-session isnt working anymore.
Any suggestions ?
Permission errors exclusive to xscreensaver
I followed the instructions above and got everything working, including non-root programs like xscreensaver. However, the script to change usbfs permissions is finicky and fails to work with a lot of things like suspend/resume. Therefore, I switched to specifying devgid=108,devmode=0660,busgid=108,busmode=0770,listgid=108,listmode=0660 as mount parameters for usbfs, where group 108 is a group I created and added my normal user to. This seems like a much better way of doing things, and it almost works. However, xscreensaver (using the newer patch) gives the familiar Unable to load BioAPI BSP with UUID of {5550454b-2054-464d-2f45-535320425350}, BioAPI error #194d. error in /var/log/auth.log. I don't think this is a straightfoward permissions problem because
- the permissions in /proc/bus/usb are correct by inspection
- I can write to the device file as my normal user
- other programs like
test_verify-pam_bioapi
andpamtester
work as my normal user - the weirdest one: xscreensaver works when the
xscreensaver
daemon is launched from withinstrace
. It's still running as my normal user (strace
is not setuid root). I have absolutely no idea what would cause this. I thought it might be an environment issue, but the difference in environment between thestrace
session and my normal session is trivial.
At this point I'm hoping it's something dumb, but I'm out of ideas. The xscreensaver
error is pam_authenticate (...) ==> 7 (Authentication failure), for the record.
--keegan
Could you provide all the log lines between pam_start and pam_end when running xscreensaver -verbose
?
BTW, the idea with using the mount options for usbfs is very good, maybe you should add that info to the article page? I use the permission changing script without problems, also after resume, but the usbfs version is probably easier to set up, most people will be able to find /etc/fstab.
--spiney 10:12, 23 Dec 2005 (CET)
xscreensaver: 20:56:01: alternative_pam: 1 -> pam service: xscreensaver-alternative xscreensaver: 20:56:01: pam_start ("xscreensaver-alternative", "keegan", ...) ==> 0 (Success) xscreensaver: 20:56:01: pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success) xscreensaver: 20:56:01: PAM ECHO_OFF("Password: ") ==> password xscreensaver: 20:56:03: pam_authenticate (...) ==> 7 (Authentication failure) xscreensaver: 20:56:03: pam_end (...) ==> 0 (Success) xscreensaver: 20:56:03: prompting for password. xscreensaver: 20:56:03: 0: creating password dialog. xscreensaver: 20:56:03: 0: mouse is at 442,412. xscreensaver: 20:56:03: grabbing server... xscreensaver: 20:56:03: 0: ungrabbing mouse (was 0x48). xscreensaver: 20:56:03: 0: grabbing mouse on 0xe0002b... GrabSuccess. xscreensaver: 20:56:03: ungrabbing server. xscreensaver: 20:56:05: alternative_pam: 12582928 -> pam service: xscreensaver xscreensaver: 20:56:05: pam_start ("xscreensaver", "keegan", ...) ==> 0 (Success) xscreensaver: 20:56:05: pam_set_item (p, PAM_TTY, ":0.0") ==> 0 (Success) xscreensaver: 20:56:05: PAM ECHO_OFF("Password: ") ==> password xscreensaver: 20:56:05: pam_authenticate (...) ==> 0 (Success) xscreensaver: 20:56:05: pam_acct_mgmt (...) ==> 9 (Authentication service cannot retrieve authentication info.) xscreensaver: 20:56:05: pam_setcred (...) ==> 0 (Success) xscreensaver: 20:56:05: pam_end (...) ==> 0 (Success) xscreensaver: 20:56:05: password correct.
So we've got the first attempt with pam_bioapi
, which fails immediately (no sign of the GUI fingerprint prompt, nor a "silent" chance to swipe the finger as with xdm), then the fallback to pam_unix
which succeeds. Earlier I had xscreensaver set up to only try pam_bioapi
, with essentially the same result -- it gives up on pam entirely and does unix auth itself.
I'd really like to strace the pam module and see what it's attempting to do to /proc/bus/usb, but as that actually fixes the problem I'm kinda at a loss. Maybe there's some kernel option to print debugging info for usbfs? I'd be all for changing the article to suggest using mount options in /etc/fstab, if it weren't for this one weird bug. Has anyone else had the same problem?
-- keegan
Driver Expiring!!!
Don't anyone notice that both betas of the UPEK driver is expiring in about a month in the new year, Jan 1st 2006? They really mean it! I set my computer date to next year and get a message "the driver has expired" when using fingerprint reader! This is a grave threat to our computer lifestyle, i.e. for those of us who got it working and use it daily:) Is there any workaround other than setting the date back a year when new year come and wait for new driver? Is there a way to figure out where exactly in the driver it checked the date and how? The must have set it somewhere in file libtfmessbsp.so, but it is binary and I can't figure out how to Reverse Engineer it.
---Jiang
Yes, the beta driver will expire. The final version (which is due REALLY soon now) will not.
Sumedha
Any news? Just 9 days left to expiry. --Thinker 21:36, 22 Dec 2005 (CET)
The final is out, get it at UPEK's download page. And how does one edit the industry watch section of the main page?
--spiney 21:39, 22 Dec 2005 (CET)
Ah, great! Both the article page and the driver page it points to are out of date... For the news, just follow the "News" link in the main page.
--Thinker 21:44, 22 Dec 2005 (CET)
As this is now very soon I've updated the article page to link to the final driver, which is better in a few ways anyway. This is unless anyone minds (are there any unresolved issues with the final that don't exist in the betas?).
--keegan 05:06, 24 Dec 2005 (CET)
Updated xscreensaver patch
I've tried to address some usability issues with the old patch, e.g. that it calls the PAM bioapi module twice before falling back to the normal authentication methods. It can be found on my Fingerprint Reader page, feedback is very welcome.
--spiney 20:36, 22 Dec 2005 (CET)
Fingerprint or password
Is there any way to have PAM accept either a password or a finger swipe, right away? Sometimes one is more convenient, sometimes the other, so and it's a lot of trouble to wait for the UPEK scanner prompt and then cancel it in order to reach the password entry.