Tue, 22 Jan 2008
I have got a cheap fingerprint reader (thanks Juraj!) and I have played a bit with it:
(image from this digitaltechnews.com article). It is an USB device, and it works surprisingly well with Linux. There is a comprehensive HOWTO available, but I will try to summarize steps needed for Fedora Linux:
- Run "
yum install thinkfinger". This is a set of user-space tools and a PAM module for this reader.
- If you do not have a distribution kernel, compile the
uinputmodule in (under
- Make sure your root filesystem is mounted with the
acloption (if not, run "
mount -o remount,acl /").
- Now you can play with
tf-tool --verifyand see whether the scanned fingerprint matches. From time to time I see the
usb_bulk_readerror mentioned here, usually running
- Using "
tf-add --add-user logname" add your fingerprint to the system database.
- Configure PAM. I have added the boldface text into
auth sufficient /lib/security/$ISA/pam_thinkfinger.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok try_first_pass
- Run "
modprobe uinput" as root.
- Restart your display manager using
init 3, wait few seconds, and then
- And that's it: user which has been added using
tf-tool --add-usershould be able to login with his finger now! In Fedora, HAL manages access control lists of devices, so a separate group
fingerprintas described in the HOWTO above is not necessary.
So far I think this technology is interesting, even though it is not always
100 % reliable. It is however usable for
local logins only. It would be nice if more local apps such as
ssh-askpass or Revelation
can use it.