This is not really a LinuxQuestion, rather a LinuxHeadsUp
If you have a newer Thinkpad model (e.g. a X201s) with an integrated fingerprint scanner, you may be interested in using that device for logging in at a virtual terminal. In the past you needed to install
PAM for this to work, now there's a much less intrusive way: I've thrown together
a patch for
the shadow tool suite's login to make it prompt a specified user for the fingerprint instead of asking for the password. The scanning itself is done by
libfprint.
I have created packages of
the patched shadow tool suite as well as libfprint for Slackware64 13.37, whereas the latter only contains a driver for
upeke2 devices. If you need one of
the other drivers instead, don't lose hope just yet! You can easily change the included driver in
my build and recompile the package:
Code:
tar xjf libfprint-0.4.0.tar.bz2
cd libfprint
wget http://people.freedesktop.org/~hadess/libfprint-0.4.0.tar.bz2
sed -i "s/upeke2/$DRIVER/" libfprint.SlackBuild
./libfprint.SlackBuild
The reason I deactivated the other drivers is that I only have access to a
upeke2 device and didn't want to release security critical software without having a chance to test it. Better be safe than sorry... I would like to hear from people for whom it works with other drivers, however. After installing the packages and enrolling your fingerprint, you only need to specify your user as the
FPRINT_USER in
/etc/login.defs and restart the login process (or simply reboot). The next time you enter your user at login, you'll have to swipe your finger to authenticate.
A few caveats:
- as said, only tested with upek2 for now (though it probably works with other drivers too)
- only one user can be the FPRINT_USER at the moment
- enrollment has to be done elsewhere, e.g. with fprint_demo (no need to install it, just compile, run and delete it after installing my libfprint package)
Update: I briefly tested a
upekts device today and it seems to work fine. An updated package with both
upekts and
upeke2 is available.
Update: As written in my next post, it is now possible to have multiple users authenticate with their fingerprints. These users should be members of both
plugdev (for accessing the device) and
fpauth (so the login process knows whether to prompt them for their password or their fingerprint),
FPRINT_USER is no longer used. Links in this post already lead to the new variant, just download and install it as you did before:
Code:
upgradepkg --reinstall shadow-4.1.4.3-x86_64-2_sinic.txz
You'll have to enroll your fingerprints a second time, now as a regular user instead of root. Read my next post for details.
Update: Yet another update to my login patch... Furthermore I've
patched vlock to make it unlock the screen upon scanning the right fingerprint. The preconditions described above must be met: Your user should be a member of the groups
plugdev and must be a member
fpauth. Locking the screen with vlock also requires you to be a member of
vlock. A package is available, as always, at
my Slackware page.