Authentication via the integrated fingerprint reader in newer Thinkpads
This is not really a LinuxQuestion, rather a LinuxHeadsUp :)
If you have a newer Thinkpad model (e.g. a X201s) with an integrated fingerprint scanner, you may be interested in using that device for logging in at a virtual terminal. In the past you needed to install PAM for this to work, now there's a much less intrusive way: I've thrown together a patch for the shadow tool suite's login to make it prompt a specified user for the fingerprint instead of asking for the password. The scanning itself is done by libfprint. I have created packages of the patched shadow tool suite as well as libfprint for Slackware64 13.37, whereas the latter only contains a driver for upeke2 devices. If you need one of the other drivers instead, don't lose hope just yet! You can easily change the included driver in my build and recompile the package: Code:
tar xjf libfprint-0.4.0.tar.bz2 A few caveats:
Update: I briefly tested a upekts device today and it seems to work fine. An updated package with both upekts and upeke2 is available. Update: As written in my next post, it is now possible to have multiple users authenticate with their fingerprints. These users should be members of both plugdev (for accessing the device) and fpauth (so the login process knows whether to prompt them for their password or their fingerprint), FPRINT_USER is no longer used. Links in this post already lead to the new variant, just download and install it as you did before: Code:
upgradepkg --reinstall shadow-4.1.4.3-x86_64-2_sinic.txz Update: Yet another update to my login patch... Furthermore I've patched vlock to make it unlock the screen upon scanning the right fingerprint. The preconditions described above must be met: Your user should be a member of the groups plugdev and must be a member fpauth. Locking the screen with vlock also requires you to be a member of vlock. A package is available, as always, at my Slackware page. |
Hm.. very interesting. I have sensor on Thinkpad w520 (supported by upeksonly driver, related to http://www.freedesktop.org/wiki/Soft...rint/upeksonly). Greet job, thank you!
|
I've uploaded a new shadow package that includes an updated patch. Now it should be possible to have multiple users authenticating via their fingerprints. Instead of specifying the user in /etc/login.defs, you now only have to add the users to a group named fpauth (that you have to create on your own).
The prints are now read from the respective user's home directory, not /root. This is something I probably should have explained in more detail in my previous post: It is critical that you enroll the fingerprints as the right user. Previously that would have been root (since that is the login process's user), now it is the user to be authenticated later. Also note that the user should be a member of the group plugdev to access the fingerprint device. That's not an issue when logging in, since that process runs as root anyways. It is important when enrolling the fingerprint with fprint_demo, however. |
Has anybody tried this out with Slackware64 14?
|
Going to test it on slackware64-current saturday or sunday
|
Quote:
|
All times are GMT -5. The time now is 12:11 AM. |