ThinkFinger

Differences between revisions 4 and 24 (spanning 20 versions)
Revision 4 as of 2007-02-21 18:25:21
Size: 4242
Editor: user-85-201-20-239
Comment: finished ?
Revision 24 as of 2007-10-22 16:57:38
Size: 6969
Editor: vpnwl-230-57
Comment:
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
Warning : Thinkfinger is still beta-software. Installing it '''will''' break some things or not work as expected. Do not install it if you are not an experienced user. See the "known problems" sections below.

== Packages ==

Thinkfinger 0.2.2 package is [http://ploum.fritalk.com/thinkfinger_0.2.2_i386.deb available here]. Just download it and install it by clicking on it. (works in Edgy). You can then skip the "Download and compile" section.

Thinkfinger 0.3 is available from a PPA in gutsy.

{{{
deb http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse
deb-src http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse
}}}
Just add to your software sources, as it will likely see published updates over time. For the moment you still need to follow the steps below to register a new user.
Line 12: Line 26:
 2. Install required dependancies  2. Install required dependencies
Line 14: Line 28:
sudo apt-get install build-essential libtool libusb-dev libpam0g-dev sudo apt-get install build-essential libtool libusb-dev libpam0g-dev pkg-config
Line 26: Line 40:
Line 43: Line 58:
A typical test session is something like that : A typical test session is something like this :
Line 61: Line 76:
}}}

=== Note: ===
If you encounter the following error,
{{{
ploum@spoutnik:~$ sudo tf-tool --acquire
tf-tool: error while loading shared libraries: libthinkfinger.so.0: cannot open shared object file: No such file or directory
}}}
It can be easily fixed by running ldconfig as follows:
{{{
ploum@spoutnik:~$ sudo ldconfig
Line 92: Line 118:
 * Biggest problem : gksudo will become "invisible". It means that if you launch any program with gksudo, it will wait forever until your swipe your finger without displaying anything on the screen. For example, if you launch synaptic from the menu, nothing will happen. Swipe your finger and synaptic appears !
 * Gnome-keyring and gnome-screensaver don't use PAM. So you have to type your password. Fingerprint doesn't work here.
 * It's not translated. You will see "Type your password or swipe your finger" in english, not in your locale.
 * Biggest problem : gksudo will become "invisible". It means that if you launch any program with gksudo, it will wait forever until your swipe your finger without displaying anything on the screen. For example, if you launch synaptic from the menu, nothing will happen. Swipe your finger and synaptic appears! (This is [https://bugs.launchpad.net/ubuntu/+source/gksu/+bug/86843 bug #86843] or [http://savannah.nongnu.org/bugs/?19132 upstream bug #19132])
 * Gnome-keyring doesn't use PAM. So you have to type your password. A [http://johnny.chadda.se/2007/02/21/unlock-the-gnome-keyring-upon-login/ workaround for gnome-keyring] is available, but this doesn't work if you authenticated via fingerprint. Same holds for pam_ssh.
 * Gnome-screensaver doesn't ask for your fingerprint. You have to type your password as usual. This is [http://bugzilla.gnome.org/show_bug.cgi?id=411293 bug #411293].
 * It's not translated. You will see "Password or swipe finger:" in English, not in your locale. You can fix gdm, adding ThinkFinger message to perhaps_translate_message() in daemon/verify-pam.c. Then you need to regenerate POT file and update PO file for your language.
 * Does not seem to work properly with Kubuntu: login session does not work with fingerprints (there's a [https://bugs.kde.org/show_bug.cgi?id=116682 bug report] for KDM), "kdesu" applications fail to start, sometimes root launching succeeds without any authentification at all, ... But basic fingerprinting works perfectly for "tf-tool" (create or verify fingerprints).
Line 104: Line 131:

 * '''I still need to type my login. I want to only swipe my finger.'''
 * Indeed, it would be cool. This is a feature currently not supported by Thinkfinger but it might be available in future releases.

 * '''0.2.3 or superior doesn't work !'''
 * Just keep 0.2.2 for now. 0.2.3 requires the uinput module (that can be loaded with a simple sudo modprobe uinput) so it's easier to stick with 0.2.2 until all issues are solved. Alternatively justr add uinput to /etc/modules to make sure it always loads.
 

Install ThinkFinger on Ubuntu

Thinkfinger is a free driver for the SGS Thomson Microelectronics fingerprint reader that you can find on most Lenovo/Thinkpad, Dell and Toshiba. Be aware that ThinkFinger only works for this specific model, some Lenovo/Dell/Toshiba laptops are using other models.

[http://thinkfinger.sourceforge.net/ ThinkFinger website]

This howto was written for ThinkFinger 0.2.2 on a [https://wiki.ubuntu.com/LaptopTestingTeam/ToshibaSatelliteU200-163 Toshiba Satellite U200-163] running Edgy.

Warning : Thinkfinger is still beta-software. Installing it will break some things or not work as expected. Do not install it if you are not an experienced user. See the "known problems" sections below.

Packages

Thinkfinger 0.2.2 package is [http://ploum.fritalk.com/thinkfinger_0.2.2_i386.deb available here]. Just download it and install it by clicking on it. (works in Edgy). You can then skip the "Download and compile" section.

Thinkfinger 0.3 is available from a PPA in gutsy.

deb     http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse
deb-src http://ppa.launchpad.net/jldugger/ubuntu gutsy main restricted universe multiverse

Just add to your software sources, as it will likely see published updates over time. For the moment you still need to follow the steps below to register a new user.

Download and compile

  1. Download and untar the source code from the [http://sourceforge.net/project/showfiles.php?group_id=179573 Sourceforge page]

  2. Install required dependencies

sudo apt-get install build-essential libtool libusb-dev libpam0g-dev pkg-config
  1. Create the directory that will store fingerprints

sudo mkdir /etc/pam_thinkfinger
  1. Configure and compile the whole thing (3 commands to run separatly in the source folder you just unzipped above):

./configure --with-securedir=/lib/security --with-birdir=/etc/pam_thinkfinger
make
sudo make install

Test the fingerprint reader

We will acquire a fingerprint that we will store temporarly to test if the reader works properly.

  1. Acquire the fingerprint with the command

sudo tf-tool --acquire

It will ask for your fingerprint 3 times (or more if there are failed scans).

  1. Test your fingerprint

sudo tf-tool --verify

It will tell you if the scan match the one acquired above.

A typical test session is something like this :

ploum@spoutnik:~$ sudo tf-tool --acquire

ThinkFinger 0.2.2 (http://thinkfinger.sourceforge.net/)
Copyright (C) 2006, 2007 Timo Hoenig <thoenig@suse.de>

Initializing... done.
Please swipe your finger (successful swipes 3/3, failed swipes: 0)... done.
Storing data (/tmp/test.bir)... done.
ploum@spoutnik:~$ sudo tf-tool --verify

ThinkFinger 0.2.2 (http://thinkfinger.sourceforge.net/)
Copyright (C) 2006, 2007 Timo Hoenig <thoenig@suse.de>

Initializing... done.
Please swipe your finger (successful swipes 1/1, failed swipes: 0)... done.
Result: Fingerprint does match.

Note:

If you encounter the following error,

ploum@spoutnik:~$ sudo tf-tool --acquire
tf-tool: error while loading shared libraries: libthinkfinger.so.0: cannot open shared object file: No such file or directory

It can be easily fixed by running ldconfig as follows:

ploum@spoutnik:~$ sudo ldconfig

Use it everyday !

We will now tell PAM to use the fingerprint scanner so you can just swipe your finger instead of typing your password.

  1. Modify the file /etc/pam.d/common-auth so it looks like :

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
auth    sufficient      pam_thinkfinger.so
auth    required        pam_unix.so try_first_pass nullok_secure

In fact you just have to add the auth line for pam_thinkfinger before the next line and you have to add the try_first_pass argument.

  1. Add your fingerprint in the known fingerprint database :

sudo tf-tool --add-user your_login

That's all ! You can now log yourself from GDM or in console by simply swiping your finger !

Known problems

  • Biggest problem : gksudo will become "invisible". It means that if you launch any program with gksudo, it will wait forever until your swipe your finger without displaying anything on the screen. For example, if you launch synaptic from the menu, nothing will happen. Swipe your finger and synaptic appears! (This is [https://bugs.launchpad.net/ubuntu/+source/gksu/+bug/86843 bug #86843] or [http://savannah.nongnu.org/bugs/?19132 upstream bug #19132])

  • Gnome-keyring doesn't use PAM. So you have to type your password. A [http://johnny.chadda.se/2007/02/21/unlock-the-gnome-keyring-upon-login/ workaround for gnome-keyring] is available, but this doesn't work if you authenticated via fingerprint. Same holds for pam_ssh.

  • Gnome-screensaver doesn't ask for your fingerprint. You have to type your password as usual. This is [http://bugzilla.gnome.org/show_bug.cgi?id=411293 bug #411293].

  • It's not translated. You will see "Password or swipe finger:" in English, not in your locale. You can fix gdm, adding ThinkFinger message to perhaps_translate_message() in daemon/verify-pam.c. Then you need to regenerate POT file and update PO file for your language.

  • Does not seem to work properly with Kubuntu: login session does not work with fingerprints (there's a [https://bugs.kde.org/show_bug.cgi?id=116682 bug report] for KDM), "kdesu" applications fail to start, sometimes root launching succeeds without any authentification at all, ... But basic fingerprinting works perfectly for "tf-tool" (create or verify fingerprints).

F.A.Q

  • Can I still use a regular password ?

  • Yes. The "enter your password" will be replaced by "Enter your password or swipe your finger". You can still use your password if you are wearing gloves (just an example)
  • I have a "Could not claim USB device" error

  • You must run tf-tool as root or use "sudo" in front of the command.
  • I still need to type my login. I want to only swipe my finger.

  • Indeed, it would be cool. This is a feature currently not supported by Thinkfinger but it might be available in future releases.
  • 0.2.3 or superior doesn't work !

  • Just keep 0.2.2 for now. 0.2.3 requires the uinput module (that can be loaded with a simple sudo modprobe uinput) so it's easier to stick with 0.2.2 until all issues are solved. Alternatively justr add uinput to /etc/modules to make sure it always loads.

ThinkFinger (last edited 2012-04-09 01:50:13 by de55)