Script for enabling the fingerprint reader with BioAPI
Using the integrated fingerprint reader under Linux is currently a fairly complicated process. The following script automates the installation of the fingerprint software, for some Linux distributions. It covers most components (bioapi framework, driver, pam_bioapi, PAM setup, USB device permissions pamtester and enrolling), and handles all the downloading, patching and installation.
Usage: just copy into a file and run as root.
After installation, all PAM-enabled system functions will use the fingerprint reader (and if it fails, default to the usual password entry). This includes:
- KDE's KDM login (enter an empty password, then swipe finger)
- KDE's screensaver (enter an empty password, then swipe finger)
- Gnome's GDM login
Everything is intalled into /opt/bioapi, so it doesn't pollute your filesystem. The only effects outside /opt/bioapi are one-line changes to the ldconfig configuration, PAM configuration and /etc/rc.local, and a few symlinks in /lib/security.
Distributions supported by this script
- Fedora 4, 5, 6
- Red Hat Enterprise Linux 4
If you add support for additional distributions, please update this script (using conditionals where necessary) instead of branching it.
The patch has been moved to http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/Attic/bioapi-c++.patch?rev=1.3. However in CVS it has been marked as obsolete.
Ideas for improvement
- Support more distributions
- Minimize changes to /etc/pam.d/system-auth by creating a separate file (e.g., /etc/pam.d/bioapi-auth) and @include-ing it.
- Do something about /etc/pam.d/sshd - it invokes /etc/pam.d/system-auth by stacking, so remote SSH logins now invoke the fingerprint reader... See related discussion in How_to_enable_the_fingerprint_reader.
- Install and configure a patched xscreensaver (as explained in How_to_enable_the_fingerprint_reader).
- Add "OnResume 10 /opt/bioapi/bin/set_fingerprint_perms" to suspend2's /etc/hibernate/hibernate.conf?
- The script ends with:
Connecting to XXX.XXX.XXX.XXX:80... connected. Proxy request sent, awaiting response... 401 Authorization Required Authorization failed.
(proxy don't need authorization) the file is under authorization