LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 12-15-2011, 02:18 PM   #1
sinic
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Rep: Reputation: 4
Authentication via the integrated fingerprint reader in newer Thinkpads


This is not really a LinuxQuestion, rather a LinuxHeadsUp

If you have a newer Thinkpad model (e.g. a X201s) with an integrated fingerprint scanner, you may be interested in using that device for logging in at a virtual terminal. In the past you needed to install PAM for this to work, now there's a much less intrusive way: I've thrown together a patch for the shadow tool suite's login to make it prompt a specified user for the fingerprint instead of asking for the password. The scanning itself is done by libfprint.

I have created packages of the patched shadow tool suite as well as libfprint for Slackware64 13.37, whereas the latter only contains a driver for upeke2 devices. If you need one of the other drivers instead, don't lose hope just yet! You can easily change the included driver in my build and recompile the package:

Code:
tar xjf libfprint-0.4.0.tar.bz2
cd libfprint
wget http://people.freedesktop.org/~hadess/libfprint-0.4.0.tar.bz2
sed -i "s/upeke2/$DRIVER/" libfprint.SlackBuild
./libfprint.SlackBuild
The reason I deactivated the other drivers is that I only have access to a upeke2 device and didn't want to release security critical software without having a chance to test it. Better be safe than sorry... I would like to hear from people for whom it works with other drivers, however. After installing the packages and enrolling your fingerprint, you only need to specify your user as the FPRINT_USER in /etc/login.defs and restart the login process (or simply reboot). The next time you enter your user at login, you'll have to swipe your finger to authenticate.

A few caveats:
  • as said, only tested with upek2 for now (though it probably works with other drivers too)
  • only one user can be the FPRINT_USER at the moment
  • enrollment has to be done elsewhere, e.g. with fprint_demo (no need to install it, just compile, run and delete it after installing my libfprint package)

Update: I briefly tested a upekts device today and it seems to work fine. An updated package with both upekts and upeke2 is available.

Update: As written in my next post, it is now possible to have multiple users authenticate with their fingerprints. These users should be members of both plugdev (for accessing the device) and fpauth (so the login process knows whether to prompt them for their password or their fingerprint), FPRINT_USER is no longer used. Links in this post already lead to the new variant, just download and install it as you did before:
Code:
upgradepkg --reinstall shadow-4.1.4.3-x86_64-2_sinic.txz
You'll have to enroll your fingerprints a second time, now as a regular user instead of root. Read my next post for details.

Update: Yet another update to my login patch... Furthermore I've patched vlock to make it unlock the screen upon scanning the right fingerprint. The preconditions described above must be met: Your user should be a member of the groups plugdev and must be a member fpauth. Locking the screen with vlock also requires you to be a member of vlock. A package is available, as always, at my Slackware page.

Last edited by sinic; 12-23-2011 at 06:16 PM. Reason: 3rd update
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 12-18-2011, 03:58 PM   #2
vehn
Member
 
Registered: Dec 2007
Posts: 54

Rep: Reputation: 17
Hm.. very interesting. I have sensor on Thinkpad w520 (supported by upeksonly driver, related to http://www.freedesktop.org/wiki/Soft...rint/upeksonly). Greet job, thank you!
 
Old 12-18-2011, 05:26 PM   #3
sinic
LQ Newbie
 
Registered: Jun 2009
Posts: 9

Original Poster
Rep: Reputation: 4
I've uploaded a new shadow package that includes an updated patch. Now it should be possible to have multiple users authenticating via their fingerprints. Instead of specifying the user in /etc/login.defs, you now only have to add the users to a group named fpauth (that you have to create on your own).

The prints are now read from the respective user's home directory, not /root. This is something I probably should have explained in more detail in my previous post: It is critical that you enroll the fingerprints as the right user. Previously that would have been root (since that is the login process's user), now it is the user to be authenticated later.

Also note that the user should be a member of the group plugdev to access the fingerprint device. That's not an issue when logging in, since that process runs as root anyways. It is important when enrolling the fingerprint with fprint_demo, however.
 
2 members found this post helpful.
Old 12-07-2012, 05:40 AM   #4
VisionIncision
Member
 
Registered: Dec 2011
Location: London, UK
Distribution: Slackware64 14
Posts: 100

Rep: Reputation: Disabled
Has anybody tried this out with Slackware64 14?
 
Old 09-18-2014, 03:06 PM   #5
Hyonane
LQ Newbie
 
Registered: Sep 2011
Location: Brazil
Distribution: Slackware64-current+multilib
Posts: 28

Rep: Reputation: Disabled
Going to test it on slackware64-current saturday or sunday
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
USB Fingerprint Reader striker07 Linux From Scratch 2 05-29-2011 10:30 AM
Fingerprint reader not working Athaa Linux - Laptop and Netbook 2 12-01-2009 05:23 AM
Does a fingerprint-reader work under Linux? bjorfr Linux - Newbie 4 10-08-2008 01:59 PM
KDM+Fingerprint reader kinus Linux - Software 1 01-13-2007 08:20 AM
T42 with fingerprint reader for SUSE Beni Suse/Novell 2 01-07-2005 05:23 PM


All times are GMT -5. The time now is 05:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration