How to enable integrated fingerprint reader with BioAPI

From ThinkWiki
Revision as of 15:24, 25 October 2005 by Wyrfel (Talk | contribs) (Installing the bioapi source)
Jump to: navigation, search

Disclaimer: This is how I got the fingerprint reader on my T43 to work. It can _NOT_ yet be used to log me into the system. Working on that.

This is on Ubuntu Breezy.


Basic driver installation

Getting required libs and tools

Installing the bioapi source

  • Get the bioapi source:
$ wget http://www.qrivy.net/~michael/blua/bioapi/bioapi-1.2.2.tar.bz2
  • I could not compile bioapi with the graphical Qt tools. To do it manually, do the following:
$ tar xjf bioapi-1.2.2.tar.bz2
$ cd bioapi-1.2.2
$ ./configure --with-Qt-dr=no
$ make
and then as root
# make install
Be aware that checkinstall will not work!

Installing the driver

unzip it into a seperate folder, as it will not create one.

  • Change to that folder and do as root:
# sh install.sh
# chmod 777 -R /usr/local/var/bioapi/
Actually this depends on where you installed, if you did as i wrote, it should work otherwise you probably know what you're doing anyways. :)
# touch /var/log/BSP.log && chmod 666 /var/log/BSP.log
# chmod 666 /proc/bus/usb/`lsusb
It might be nessecary to put the above line into a startup script somewhere.

Testing the driver

Go to the folder where you extracted TFMESS_BSP_LIN_1.0beta2.zip # cd NonGUI_Sample # ./Sample If it doesn't work, ask for help at: t43fingerprint (at) badcode.de

GDM Login via pam_bioapi

Getting required libs & tools

Installing pam_bioapi

  • Get and compile the pam_bioapi module.
$ wget http://www.qrivy.net/~michael/blua/pam_bioapi/pam_bioapi-0.2.1.tar.bz2
$ tar xjf pam_bioapi-0.2.1.tar.bz2
$ cd pam_bioapi-0.2.1
$ wget http://badcode.de/downloads/fingerprint.patch
$ patch -p0 < fingerprint.patch
If you want to, review the patch. In general you should review all code you download and compile, if possible.

The patch comes from this thread.

$ ./configure && make
and as root
# make install
  • Use the sample tool from the fingerprint reader to create <username>.bir

<username> must be the username you want to login with, gdm will probably break for any login name that has no .bir file.

  • As root do:
# BioAPITest | grep -A2 Fingerprint | tail -n1 | cut -b 12-
It should print something like
{5550454b2054464d2f45535320425350}
If it does, do:
# mkdir /etc/bioapi1.10/pam`BioAPITest
# cp <username>.bir /etc/bioapi1.10/pam`BioAPITest

Configuring pam

The following part is distribution specific. On Ubuntu you can modify /etc/pam.d/common-auth to look like this:

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient      pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi1.10/pam
auth    required        pam_unix.so nullok_secure

With this modification pam immediatelly starts to use the fingerprint reader to do local authorization (e.g. sudo/gdm use the fingerprint reader).

NOTE!
This was discovered through trial and success, if it is plain wrong, wikorrect it, please.

Now gdm should pop up an (ugly) image to swipe your finger and... magic - you can login without a password.

If you have questions or problems with this procedure, ask: t43fingerprint (at) badcode.de .