Difference between revisions of "How to enable integrated fingerprint reader with fprint"

From ThinkWiki
Jump to: navigation, search
(Ubuntu 11.04)
Line 1: Line 1:
 
== Ubuntu 12.04 ==
 
== Ubuntu 12.04 ==
 +
<pre>
 
apt-get install libpam-fprint
 
apt-get install libpam-fprint
 
dpkg-reconfigure -plow libpam-runtime # Enable fingerprint reader
 
dpkg-reconfigure -plow libpam-runtime # Enable fingerprint reader
 
+
</pre>
 
== Ubuntu 11.04 ==
 
== Ubuntu 11.04 ==
 
The UPEK [[integrated fingerprint reader]] on the ThinkPad {{X220}} is supported in Ubuntu 11.04 (natty).
 
The UPEK [[integrated fingerprint reader]] on the ThinkPad {{X220}} is supported in Ubuntu 11.04 (natty).
Line 11: Line 12:
 
</pre>
 
</pre>
  
Observe that the needed lines in <tt>common-auth</tt> are already present.
+
== Ubuntu configuration ==
 +
The needed lines in <tt>common-auth</tt> should now be present.
 
<pre>
 
<pre>
 
$ grep fprint /etc/pam.d/common-auth
 
$ grep fprint /etc/pam.d/common-auth

Revision as of 22:20, 15 May 2012

Ubuntu 12.04

apt-get install libpam-fprint
dpkg-reconfigure -plow libpam-runtime # Enable fingerprint reader

Ubuntu 11.04

The UPEK integrated fingerprint reader on the ThinkPad X220 is supported in Ubuntu 11.04 (natty).

Install the necessary packages if they aren't already present.

aptitude install libpam-fprintd

Ubuntu configuration

The needed lines in common-auth should now be present.

$ grep fprint /etc/pam.d/common-auth
auth	[success=2 default=ignore]	pam_fprintd.so 

Log in to the desktop. Open a terminal. In the terminal run fprintd-enroll and swipe your right index finger five times. Now you should be able to authenticate by swiping your right index finger.

If you have an encrypted home directory then logging in from GDM by fingerprint does not work: the home directory cannot be decrypted. The solution is to log in from GDM with a password. (You encrypted your home directory so that even if someone has physical access to your computer, and it's turned off, then she can't read your files without taking it to the NSA. But if she's a bit clever and handy she can fool the fingerprint reader using a fingerprint lifted from the computer case.)

The problem is that GDM follows the default authentication procedure which starts with an attempt to read a fingerprint. Only once this fails or times out is a password requested. That is not convenient. To eliminate fingerprint authentication from the display manager login, edit /etc/pam.d/gdm or /etc/pam.d/lightdm so that it includes /etc/pam.d/common-auth-nofinger rather than /etc/pam.d/common-auth; copy /etc/pam.d/common-auth to /etc/pam.d/common-auth-nofinger and remove the line auth [success=3 default=ignore] pam_fprintd.so from the latter.