ThinkFinger

Install ThinkFinger on Ubuntu

Thinkfinger is a free driver for the SGS Thomson Microelectronics fingerprint reader that you can find on some Lenovo/Thinkpad, Dell and Toshiba laptops. Be aware that ThinkFinger only works for this specific reader. Some Lenovo/Dell/Toshiba laptops contain other brands of reader, such as UPEK.

ThinkFinger website

  • Warning
    Thinkfinger is beta software. Installing it will break some things or not work as expected. Do not install it if you are not an experienced user. See the "known problems" sections below.

This howto was written for ThinkFinger 0.2.2 on a Toshiba Satellite U200-163 running Edgy.

  • Note
    Furthermore the project seems dead and seems to have been superseded by the fprint project.

Quick Howto for Ubuntu 10.04

# Install packages
sudo apt-get install libpam-thinkfinger
# Enable the uinput kernel module to load on boot
echo -e "# For thinkfinger to work\nuinput" | sudo tee -a /etc/modules > /dev/null
# Create a pam profile to enable fingerprint authentication for login and sudo
cat << EOF | sudo tee /usr/share/pam-configs/thinkfingermanualinstall > /dev/null
Name: Manually installed thinkfinger pam profile
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_thinkfinger.so
EOF
# Enable the pam profile
sudo pam-auth-update --package thinkfingermanualinstall
# Register your fingerprints for the currently logged in user
sudo tf-tool --add-user $USER

Packages

Thinkfinger 0.3 is available in universe for Lucid 10.04, so you don't need to compile it, nor enable any Personal Package Archives.

Thinkfinger in Intrepid has several known issues. Make sure you check the current and past (fixed) bugs list.

Thinkfinger 0.3 is available in repos to Hardy and Lucid

Thinkfinger 0.3 is available from a PPA in gutsy.

deb     http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse
deb-src http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse

Just add to your software sources, as it will likely see published updates over time. To install it, after you added the PPA sources :

sudo apt-get install thinkfinger-tools  libpam-thinkfinger 

Download and compile

This step is only necessary, if there are no packages available for your Ubuntu (see previous section).

  1. Download and untar the source code from the Sourceforge page

  2. Install required dependencies

sudo apt-get install build-essential libtool libusb-dev libpam0g-dev pkg-config
  1. Create the directory that will store fingerprints

sudo mkdir /etc/pam_thinkfinger
  1. Configure and compile the whole thing (3 commands to run separatly in the source folder you just unzipped above):

./configure --with-securedir=/lib/security --with-birdir=/etc/pam_thinkfinger
make
sudo make install

Test the fingerprint reader

We will acquire a fingerprint that we will store temporarly to test if the reader works properly.

  1. Acquire the fingerprint with the command

sudo tf-tool --acquire

It will ask for your fingerprint 3 times (or more if there are failed scans). One trick to get a good scan is to roll your finger all the way to the tip, like your trying to finish the swipe by scratching the sensor with your fingernail.

  1. Test your fingerprint

sudo tf-tool --verify

It will tell you if the scan match the one acquired above.

A typical test session is something like this :

ploum@spoutnik:~$ sudo tf-tool --acquire

ThinkFinger 0.2.2 (http://thinkfinger.sourceforge.net/)
Copyright (C) 2006, 2007 Timo Hoenig <thoenig@suse.de>

Initializing... done.
Please swipe your finger (successful swipes 3/3, failed swipes: 0)... done.
Storing data (/tmp/test.bir)... done.
ploum@spoutnik:~$ sudo tf-tool --verify

ThinkFinger 0.2.2 (http://thinkfinger.sourceforge.net/)
Copyright (C) 2006, 2007 Timo Hoenig <thoenig@suse.de>

Initializing... done.
Please swipe your finger (successful swipes 1/1, failed swipes: 0)... done.
Result: Fingerprint does match.

Note:

If you encounter the following error,

ploum@spoutnik:~$ sudo tf-tool --acquire
tf-tool: error while loading shared libraries: libthinkfinger.so.0: cannot open shared object file: No such file or directory

It can be easily fixed by running ldconfig as follows:

ploum@spoutnik:~$ sudo ldconfig

Use it everyday !

We will now tell PAM to use the fingerprint scanner so you can just swipe your finger instead of typing your password.

Enable thinkfinger for PAM

Ubuntu 10.04

  1. Create the file /usr/share/pam-configs/thinkfingermanualinstall so it looks like:

Name: Manually installed thinkfinger pam profile
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
        [success=end default=ignore]    pam_thinkfinger.so
  1. Run pam-auth-update, check that the entry Manually installed thinkfinger pam profile is enable and hit Ok.

sudo pam-auth-update

Older Ubuntu versions

  1. Modify the file /etc/pam.d/common-auth so it looks like :

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient      pam_thinkfinger.so
auth    required        pam_unix.so try_first_pass nullok_secure

In fact you just have to add the auth line for pam_thinkfinger before the next line and you have to add the try_first_pass argument.

NOTE: Ubuntu Intrepid - No need to modify the file /etc/pam.d/common-auth manually, just run:

sudo /usr/lib/pam-thinkfinger/pam-thinkfinger-enable

Register your fingerprints

  1. Add your fingerprint in the known fingerprint database :

NOTE: This step is not needed and won't work in ver. 0.3 and superior.

NOTE: Ubuntu Hardy - https://bugs.launchpad.net/ubuntu/+source/thinkfinger/+bug/203973

sudo tf-tool --add-user your_login

That's all ! You can now log yourself from GDM or in console by simply swiping your finger ! If the shell says some error like "Unable to set ACL of aquired file: /etc/pam_thinkfinger/your-login.bir: Operation not supported", you are safe to ignore it. Or you can add the mount option "acl" to the root filesystem:

/dev/sda1 / ext3    defaults,acl,noatime,errors=remount-ro 0       1

Known problems

  • After upgrading from Hardy to intrepid carriage-return required after finger scan bug #256429

workaround: use Jon Oberheide's PPA packages listed in the https://bugs.edge.launchpad.net/ubuntu/+source/thinkfinger/+bug/256429/comments/21.

  • Biggest problem : gksudo will become "invisible". It means that if you launch any program with gksudo, it will wait forever until your swipe your finger without displaying anything on the screen. For example, if you launch synaptic from the menu, nothing will happen. Swipe your finger and synaptic appears! (This is bug #86843 or upstream bug #19132)l a gksudo

Fixed: Simply install a newer sudo as detailed here

Fixed: Solved for Ubuntu Hardy, at least since July 27 2008. Works auto-magically upon installation of packages.

  • Gnome-keyring doesn't use PAM. So you have to type your password. A workaround for gnome-keyring is available, but this doesn't work if you authenticated via fingerprint. Same holds for pam_ssh.

Fixed: Solved for Ubuntu Hardy, at least since July 27 2008. Works auto-magically upon installation of packages.

  • Gnome-screensaver doesn't ask for your fingerprint. You have to type your password as usual. This is bug #411293.

Not fixed fo Jaunty yet An old solution would be this three steps , try step one restart test if it still not working go on with 2 and 3 :

1. Change the permissions on $HOME/.thinkfinger_bir so that it is owned by the user, not by root:

$ sudo chown YOURUSERNAME .thinkfinger.bir

2. Changing the permissions of the uinput device, which was root:root, and instead this is needed:

chown root\:plugdev /dev/input/uinput

3. Add the udev rule :

sudo nano /etc/udev/rules.d/60-thinkfinger.rules 

and paste this :

#
# udev rules file for the thinkfinger fingerprint scanner
#

# uinput device
KERNEL=="uinput", MODE="0660", GROUP="plugdev"

save and reboot!

FIXXED: http://en.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader_with_ThinkFinger#xscreensaver.2Fgnome-screensaver

Fixed: Solved for Ubuntu Hardy, at least since July 27 2008. Works auto-magically upon installation of packages.

  • It's not translated. You will see "Password or swipe finger:" in English, not in your locale. You can fix gdm, adding ThinkFinger message to perhaps_translate_message() in daemon/verify-pam.c. Then you need to regenerate POT file and update PO file for your language.

  • Does not seem to work properly with Kubuntu: login session does not work with fingerprints (there's a bug report for KDM), "kdesu" applications fail to start, sometimes root launching succeeds without any authentication at all, ... But basic fingerprinting works perfectly for "tf-tool" (create or verify fingerprints).

KDE

  • Neither KDM nor KDE screen lock do not support reading fingerprints. Then only thing that currently works with thinkfinger in KDE is ksudo.

F.A.Q

  • Can I still use a regular password ?

  • Yes. The "enter your password" will be replaced by "Enter your password or swipe your finger". You can still use your password if you are wearing gloves (just an example)
  • I have a "Could not claim USB device" error

  • You must run tf-tool as root or use "sudo" in front of the command.
  • I still need to type my login. I want to only swipe my finger.

  • Indeed, it would be cool. This is a feature currently not supported by Thinkfinger but it might be available in future releases.
  • 0.2.3 or superior doesn't work !

  • Just keep 0.2.2 for now. 0.2.3 requires the uinput module (that can be loaded with a simple sudo modprobe uinput) so it's easier to stick with 0.2.2 until all issues are solved. Alternatively justr add uinput to /etc/modules to make sure it always loads.

To be able to use ThinkFinger 0.3

To be able to use ThinkFinger 0.3 you have to load the kernel module "uinput". To check if it is loaded already:

$ lsmod | grep uinput

Load this module, if it's not loaded:

$ sudo modprobe uinput

or you can add it to the list in "/etc/modules" to make it load automatically at boot time:

$ sudo nano -w /etc/modules

or

$ sudo gedit /etc/modules

Typically it looks like this:

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.

fuse
lp
sbp2
uinput

ThinkFinger (last edited 2012-04-09 01:50:13 by de55)