Talk:How to enable the integrated fingerprint reader with ThinkFinger

From ThinkWiki
Revision as of 04:16, 20 October 2009 by Thelees.andy (Talk | contribs) (Trouble entering password to unlock screensaver: new section)
Jump to: navigation, search

about fingerpring security or should we pay more for it?



With latest versions of GDM, PAM and ThinFinger you may experience a GDM segfault when using the Face Browser to select a user. This stops you from using the aforementioned software combination to log in to a pure tablet system. That is, you're going to need a keyboard to type the username. Please see this bug report and contribute if you can.


Hello! I have Lenovo R61i and Debian 4.0 (sid). I have done all what was in this article, but when I do:

pokorski@debian:~$ sudo tf-tool --acquire

the terminal is writing:

ThinkFinger 0.3 ( Copyright (C) 2006, 2007 Timo Hoenig <>

Initializing...USB device not found.

I read manuals and howtos but I can't install it on my R61i. On M$ Windows biometric reader worked correctly. Can anybody help me? Sorry for my English (I'm Polish)

- Hi, I have the same notebook, runnning ubuntu 8.04, and it seems this device isn't supported by thinkfinger, what worked for me is libfprint, the newest version. 

Intrepid Ibex

Has anyone got thinkfinger to work with pam in Ubuntu Intrepid Ibex? If so, how did you configure /etc/pam.d/common_auth?

Configuration of thinkfinger has been simplified, but the change was not not documented in the man page... This bug report will probably help. Install the modified packages mentioned in the HowTo. My /etc/pam.d/common-auth (note "-" not "_") looks like following. Best, Tec 02:20, 19 November 2008 (CET)

# here are the per-package modules (the "Primary" block)
auth    sufficient
auth    [success=1 default=ignore] try_first_pass nullok_secure
#auth   [success=1 default=ignore] nullok_secure
# here's the fallback if no module succeeds
auth    requisite             
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required              
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

Security issue

Hello, I think adding to /etc/pam.d/common-auth is not that good idea. On my gentoo laptop after adding this, it is possible to login from ssh with the fingerprint reader, I think this is not good.

For example ( 169-44 is a remote host, Derex-PC is my laptop with thinkfinger ):

derex@169-44:~$ ssh root@
Password or swipe finger:
derex@Derex-PC ~ $ su -

Then I swipe my finger on the laptop, and press enter (just it, no password) on the remote host, and I get this:

derex@169-44:~$ ssh root@
Password or swipe finger:
Last login: Wed Jan 28 13:36:15 EET 2009 from on pts/1
Last login: Wed Jan 28 13:48:17 2009 from
Derex-PC ~ #
derex@Derex-PC ~ $ su -
su: Authentication failure
derex@Derex-PC ~ $
"su" prompts for "Password" only, but ususally it asks "Password or swipe finger".

I added only to gdm, gnome-screensaver, login and su in /etc/pam.d/ and now I dont have this issue.

Trouble entering password to unlock screensaver

On Ubuntu Jaunty, I've got the password reader working fine, but now once gnome-screensaver kicks in, I can only unlock it using the fingerprint reader. If I enter my password, it flips to "checking" and stays that way until I cancel it. Anyone else seeing anything like this?