ThinkFinger

ThinkFinger is a driver for the SGS Thomson Microelectronics fingerprint reader found in older IBM/Lenovo ThinkPads.

ThinkWiki has a list of various fingerprint readers found in ThinkPads. Newer models using different readers might not work with ThinkFinger.

Installation

Install the thinkfinger package from the AUR.

Configuration

The uinput module needs to be loaded.

TF-Tool

Use tf-tool to test ThinkFinger. It must be run as root because it needs direct access to the USB devices. Run tf-tool --acquire to generate a file at /etc/pam_thinkfinger/test.bir and tf-tool --verify to see if it identifies you correctly.

acquires and stores your fingerprint in , which is needed for an authentication with PAM.

PAM

See PAM.

/etc/pam.d/login

Change the file to look like this if you want to use your fingerprint to authenticate yourself on logon:

/etc/pam.d/su

Change this file to confirm the su command with a finger-swipe:

/etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
auth		sufficient 	pam_thinkfinger.so
auth		required	pam_unix.so nullok_secure try_first_pass
account		required	pam_unix.so
session		required	pam_unix.so
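
A check for the auth-stack layout of the su file above, as an added example that is not part of the original article: it confirms that pam_thinkfinger.so is `sufficient` and sits ahead of a pam_unix.so line carrying try_first_pass, so a failed swipe falls through to password authentication. The function name check_tf_stack and both sample files are constructed for illustration.

```shell
#!/bin/sh
# check_tf_stack FILE (hypothetical helper): prints "ok" or the first finding and
# returns 0 only when the auth stack matches the layout of the su example.
# Limits: files pulled in via "include" are not followed, and bracketed
# controls such as [success=1 default=ignore] are not parsed.
check_tf_stack() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }          # skip comments and blank/short lines
        $1 != "auth"         { next }          # only the auth stack matters here
        { n++ }                                # position within the auth stack
        $3 ~ /pam_thinkfinger\.so$/ { tf = n; tf_ctl = $2 }
        $3 ~ /pam_unix\.so$/ && !ux {          # first pam_unix.so auth line
            ux = n
            for (i = 4; i <= NF; i++) if ($i == "try_first_pass") tfp = 1
        }
        END {
            if (!tf)                    { print "pam_thinkfinger.so missing from auth stack"; exit 1 }
            if (tf_ctl != "sufficient") { print "pam_thinkfinger.so is " tf_ctl ", not sufficient"; exit 1 }
            if (!ux)                    { print "no pam_unix.so password fallback"; exit 1 }
            if (tf > ux)                { print "pam_thinkfinger.so comes after pam_unix.so"; exit 1 }
            if (!tfp)                   { print "pam_unix.so lacks try_first_pass"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed samples: the su stack from this page, and a variant in which
# the swipe is mandatory and the password fallback is not wired up.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/su.good" <<'EOF'
#%PAM-1.0
auth            sufficient      pam_rootok.so
auth		sufficient 	pam_thinkfinger.so
auth		required	pam_unix.so nullok_secure try_first_pass
account		required	pam_unix.so
session		required	pam_unix.so
EOF
cat > "$SAMPLES/su.bad" <<'EOF'
#%PAM-1.0
auth    required    pam_thinkfinger.so
auth    required    pam_unix.so nullok_secure
EOF

check_tf_stack "$SAMPLES/su.good"
check_tf_stack "$SAMPLES/su.bad" || true
```

Run it against each file under /etc/pam.d/ that you edit before logging out, so a broken stack is caught while a root shell is still open.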

/etc/pam.d/sudo

Change this file to confirm the command with a finger-swipe:

/etc/pam.d/xscreensaver

XScreensaver is a bit tricky. First, configure PAM with a file /etc/pam.d/xscreensaver containing:

This still will not work because Xscreensaver cannot read/write from and . A udev rule must be written to authorize a new group read/write access.

First, create a new group, let us say fingerprint:

# groupadd fingerprint

Add the user you want to be able to unlock Xscreensaver with the fingerprint reader to the group:

# gpasswd -a <user> fingerprint

Log out and log in again for the changes to take effect.

Next, search for uinput and bus/usb in your udev rules directory:

Copy the lines you found with grep in the previous step to a new udev rules file:

/etc/udev/rules.d/99fingerprint.rules
KERNEL=="uinput",  NAME="misc/%k", SYMLINK+="%k", MODE="0660", GROUP="fingerprint"
SUBSYSTEM=="usb_device", ACTION=="add", PROGRAM="/bin/sh -c 'K=%k; K=${K#usbdev};printf bus/usb/%%03i/%%03i ${K%%%%.*} ${K#*.}'", NAME="%c", MODE="0664", GROUP="fingerprint"
SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", NAME="bus/usb/$env{BUSNUM}/$env{DEVNUM}", MODE="0664", GROUP="fingerprint"

The difference between the rules in and those in should only be the addition of or at the end of the lines.

After adding the custom udev rules, you should give your user permissions to access their own fingerprint file:

As a last step, you need to remove the root setuid from , otherwise Xscreensaver will not be able to unlock with the fingerprint reader:

# chmod -s /usr/bin/xscreensaver

/etc/pam.d/gdm

Edit /etc/pam.d/gdm and add the following line to the top:

Then modify auth required pam_unix.so to look like this:

/etc/pam.d/xdm

Edit to look like this:

SLiM

To have ThinkFinger support for the SLiM Login Manager, you need to activate PAM support.

Get the package source of the slim package from ABS, and edit the PKGBUILD so that the command builds SLiM with PAM support:

Rebuild the package and install it.

Then create :

Now restart SLiM and you may use the fingerprint reader to log in.

Alternative fingerprint reader software

Fprint is an alternative fingerprint reader software that works with some of the newer ThinkPad fingerprint readers.


This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.