Fingerprint reader

From Gentoo Wiki
Jump to:navigation Jump to:search
This article has some todo items:
  • how to enroll a fingerprint for a specific user
  • GNOME/KDE integration and development status of this features
  • Configure PAM to use fprintd

the three things above should be finished but they may need to be checked and expanded upon

Some laptops (especially those of the ThinkPad persuasion) come with an integrated fingerprint reader which can be used for authentication.

Many guides expect the fingerprint reader to be used in the place of a password. It is highly imperative to note: fingerprint reader technology is not considered to be secure by security experts.[1] Fingerprints should not be substituted for passwords for any device. Passwords can be easily changed; fingers cannot.[2] There are many known techniques to extract fingerprints from the device casing in order to gain access to the system through the fingerprint reader.

With the warning being understood, it is perfectly acceptable to use a fingerprint to identify the user account before signing with key-based or another form of authentication.

Available software

The fprint project is probably the most advanced approach to provide a solution for integrating fingerprint readers in Linux - other solutions such as thinkfinger are mostly outdated and do not provide such a general approach as well as fprint.
Name Package Homepage Description
fprint sys-auth/fprintd fprint consists of several components. The primary being a daemon which provides access to fprint functionality through D-Bus to applications, such as login managers (GDM, KDM, ...), screen locking mechanisms etc.
thinkfinger sys-auth/thinkfinger Support for the UPEK/SGS Thomson Microelectronics fingerprint reader, often seen in ThinkPad laptops.
python-validity sys-auth/python-validity-0.12::vowstar Some hardware needs open-fprintd fprintd-clients python3-validity packages to use fingerprint scaners, like Synaptics, Inc. Metallica MIS Touch Fingerprint Reader, etc. This packages extend fprint.

Enrolling a fingerprint

Enroll a fingerprint as a user:

user $fprintd-enroll

To enroll a fingerprint to a specific user[3], use the fprintd-enroll utility:

root #fprintd-enroll <user>

To enroll a certain finger:

root #fprintd-enroll -f right-index-finger <user>

To test if the finger is enrolled, use the fprintd-verify command:

user $fprintd-verify -f right-index-finger

Graphical Integration

This section has been flagged for not conforming to the wiki guidelines. Please help Gentoo out by starting fixing things.

KDE supports the adding/removing of fingerprints via their system settings app under the users tab by clicking configure fingerprint authentication.[4]

As for the enabling of it for graphical authentication you are able to login, wake up from sleep, and sudo in the terminal however it is unknown at this time whether you can replace the authentication popups.

Configuring fprintd for use with PAM

PAM is the authentication service used by Linux. To use a fingerprint reader with PAM, insert the following command in to the configuration file to make eligible for fingerprint.

FILE /etc/pam.d/(pam.d service)
auth            sufficient