Difference between revisions of "How to enable integrated fingerprint reader with fprint"

From ThinkWiki
Jump to: navigation, search
(Ubuntu 12.04 LTS)
Line 30: Line 30:
  
 
If you have an encrypted home directory then logging in from GDM by fingerprint does not work: the home directory cannot be decrypted.  The solution is to log in from GDM with a password.  (You encrypted your home directory so that even if someone has physical access to your computer, and it's turned off, then she can't read your files without taking it to the NSA.  But if she's a bit clever and handy she can fool the fingerprint reader using a fingerprint lifted from the computer case.)
 
If you have an encrypted home directory then logging in from GDM by fingerprint does not work: the home directory cannot be decrypted.  The solution is to log in from GDM with a password.  (You encrypted your home directory so that even if someone has physical access to your computer, and it's turned off, then she can't read your files without taking it to the NSA.  But if she's a bit clever and handy she can fool the fingerprint reader using a fingerprint lifted from the computer case.)
The problem is that GDM follows the default authentication procedure which starts with an attempt to read a fingerprint.  Only once this fails or times out is a password requested.  That is not convenient.  To eliminate fingerprint authentication from the display manager login, edit <tt>/etc/pam.d/gdm</tt> or <tt>/etc/pam.d/lightdm</tt> so that it includes <tt>/etc/pam.d/common-auth-nofinger</tt> rather than <tt>/etc/pam.d/common-auth</tt>; copy <tt>/etc/pam.d/common-auth</tt> to <tt>/etc/pam.d/common-auth-nofinger</tt> and remove the line <tt>auth [success=3 default=ignore] pam_fprintd.so</tt> from the latter.
+
The problem is that GDM follows the default authentication procedure which starts with an attempt to read a fingerprint.  Only once this fails or times out is a password requested.  That is not convenient.   
 +
 
 +
To eliminate fingerprint authentication from the display manager login do the following.
 +
 
 +
<pre>
 +
sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth-nofinger
 +
</pre>
 +
 
 +
Edit <tt>/etc/pam.d/common-auth-nofinger</tt>.
 +
Remove the line "auth [success=3 default=ignore] pam_fprintd.so"; save and quit.
 +
 
 +
Edit <tt>/etc/pam.d/lightdm</tt> (or <tt>/etc/pam.d/gdm</tt>, if that's what you're using) so that it "@includes" <tt>/etc/pam.d/common-auth-nofinger</tt> rather than <tt>/etc/pam.d/common-auth</tt>.
  
 
[[Category: Ubuntu 12.04]]
 
[[Category: Ubuntu 12.04]]

Revision as of 09:11, 16 May 2012

Is your fingerprint reader recognized?

Log in to the desktop. Open a terminal. In the terminal run

lsusb

and look for the "Upek Biometric ... Fingerprint Sensor" device.

Ubuntu 12.04 LTS

Install the needed software.

sudo add-apt-repository ppa:fingerprint/fprint
sudo apt-get install libpam-fprintd

The needed lines in common-auth should now be present.

$ grep fprint /etc/pam.d/common-auth
auth	[success=2 default=ignore]	pam_fprintd.so 

Now run

fprintd-enroll

and swipe your right index finger five times as instructed. Now you should be able to authenticate by swiping your right index finger.

If you have an encrypted home directory then logging in from GDM by fingerprint does not work: the home directory cannot be decrypted. The solution is to log in from GDM with a password. (You encrypted your home directory so that even if someone has physical access to your computer, and it's turned off, then she can't read your files without taking it to the NSA. But if she's a bit clever and handy she can fool the fingerprint reader using a fingerprint lifted from the computer case.) The problem is that GDM follows the default authentication procedure which starts with an attempt to read a fingerprint. Only once this fails or times out is a password requested. That is not convenient.

To eliminate fingerprint authentication from the display manager login do the following.

sudo cp /etc/pam.d/common-auth /etc/pam.d/common-auth-nofinger

Edit /etc/pam.d/common-auth-nofinger. Remove the line "auth [success=3 default=ignore] pam_fprintd.so"; save and quit.

Edit /etc/pam.d/lightdm (or /etc/pam.d/gdm, if that's what you're using) so that it "@includes" /etc/pam.d/common-auth-nofinger rather than /etc/pam.d/common-auth.