How to enable the integrated fingerprint reader with ThinkFinger

From ThinkWiki
Revision as of 12:49, 18 February 2007 by Zhenech (Talk | contribs) (Configuring PAM to use ThinkFinger)
Jump to: navigation, search

How to enable the fingerprint reader has a good explanation for using the fingerprint reader with the closed-source binary driver. But there is also an opensource project called ThinkFinger which does the same, but open.

Installing from source

Speaking for Debian and Gentoo, there are no packages of ThinkFinger in the repositories yes, so I describe the installation from source.

Download thinkfinger-0.2.2.tar.gz from the homepage and unpack it somewhere, make sure you have libusb-dev and libpam0g-dev installed, then:

$ cd thinkfinger-0.2.2

$ ./configure --with-securedir=/lib/security --with-birdir=/etc/pam_thinkfinger

$ make

# make install

NOTE!
/lib/security is the dir, where pam assumes its modules on Debian, it may vary for your distro!

If everything went ok assert that you find pam_thinkfinger.so in /lib/security typing:

$ ls /lib/security

Testing the driver

Now the driver is installed and should be working. You can try it with

# tf-tool --acquire

and

# tf-tool --verify

This will ask you to swipe your finger three times, save the fingerprint to /tmp/test.bir and then verify your fingerprint with the bir-file.

Configuring PAM to use ThinkFinger

Now you can configure pam to use ThinkFinger:

Open /etc/pam.d/common-auth:

# nano -w /etc/pam.d/common-auth

Add this line before any pam_unix or pam_unix2 directives:

auth     sufficient     pam_thinkfinger.so

If your PAM uses the pam_unix and not the pam_unix2 module, you need to pass a specific argument in the /etc/pam.d/common-auth directive to make it consider the password entered at the pam_thinkfinger prompt.

auth     required     pam_unix.so try_first_pass

For instance my /etc/pam.d/common-auth looks like this:

auth    sufficient      pam_thinkfinger.so
auth    required        pam_unix.so nullok_secure try_first_pass

Now we are ready to add users to thinkfinger. As make install did not create /etc/pam_thinkfinger, we need to create it now:

# mkdir /etc/pam_thinkfinger

And now we can add a fingerprint for a user with:

# tf-tool --add-user $USERNAME

Now the user should be able to login with his finger, instead of the password.


This Howto was copied from Installing Ubuntu 6.06 on a ThinkPad T43 and then slightly modified by me.