SDB:Using fingerprint authentication

Jump to: navigation, search


This article highlights the configuration and usage of fingerprint reader on openSUSE

Background information

With the ThinkFinger driver, openSUSE supports the fingerprint reader by UPEK/SGS Thomson Microelectronics included with some IBM and Lenovo Thinkpads. The same fingerprint reader can also be found in other laptops and either as a stand-alone device or built into some USB keyboards. For more details, refer to Thinkfinger README and fprint Documentation. If your system includes the fingerprint reader, you can use biometric authentication in addition to standard authentication via login and password. After registering their fingerprint, users can log in to the system either by swiping a finger on the fingerprint reader or by typing in a password.

If the hardware check detects the fingerprint reader integrated with your laptop (or connected to your system), the packages libthinkfinger and pam_thinkfinger, or fprintd and fprintd_pam are automatically installed.

Supported applications and actions

The PAM module pam_thinkfinger supports user authentication by fingerprint for the following applications and actions (although you may not be prompted to swipe your finger in all cases):

  • Logging in to GDM or a login shell
  • Unlocking your screen on the GNOME desktop
  • Starting YaST and the YaST modules
  • Starting an application with root permission: sudo or gnomesu
  • Changing to a different user identity with su or su-username

Managing fingerprints with Gnome Settings

Procedure: Registering a fingerprint

  • In Gnome Settings, click Details+Users to open the Users dialog. A list of users or groups in the system is displayed.

Gnome-user-settings.png

  • Select the user for whom you want to register a fingerprint and click button labeled Fingerprint Login.
  • In new popup, select a finger you want to save, then click Next.

Fingerprint-enroll.png

  • Popup prompts the user to swipe their finger until five readable fingerprints have been gathered.
  • After the fingerprint has been acquired successfully, click Accept to close the Fingerprint Configuration dialog and the dialog for the user.
  • If you also want to use fingerprint authentication for starting YaST or the YaST modules, you need to register a fingerprint for root, too. To do so, go the the part describing command line instructions and do them as root user.

You can remove your fingerprint from Gnome by pressing the same button you used to add fingerprints previously.

Troubleshooting: Cannot write PAM settings

To fix this error login as superuser and perform following

 cd /etc/pam.d
 mv common-auth common-auth-old
 ln -s common-auth-pc common-auth

Managing fingerprints with fprintd

Procedure: Registering a fingerprint

  • Open a shell and log in as root.
  • To register a fingerprint for a certain user, enter
 fprintd-enroll

fprintd prompts the user to swipe his finger until three readable fingerprints have been gathered.

  • If you also want to use fingerprint authentication for starting YaST or the YaST modules in the GNOME control center, you need to register a fingerprint for root, too.
  • Let the user swipe his finger. fprintd compares the fingerprint to the print stored for this user and provides a message if the fingerprints match.

As soon as the user's fingerprint has been successfully registered, the user can choose to authenticate with either fingerprint or password for the actions and applications listed above.

Procedure: Verifying or removing a fingerprint

  • Open a shell and log in as root.
  • To verify an existing fingerprint for a certain user, run the following command:
 fprintd-verify
  • Let the user swipe his finger. fprintd compares the fingerprint to the print stored for this user and provides a message if the fingerprints match.
  • To remove a user's fingerprint, run the following command:
fprintd-delete

Procedure: Doing a test run

  • In a shell, run
 fprintd-enroll
  • You can see enrolled fingerprints with:
 fprintd-list
  • To verify the fingerprint, run
 fprintd-verify

Further information