Difference between revisions of "Script for enabling the fingerprint reader with BioAPI"
(39 intermediate revisions by 11 users not shown) | |||
Line 1: | Line 1: | ||
− | The following script automates the installation of the fingerprint software for some Linux distributions. | + | Using the [[Integrated Fingerprint Reader|integrated fingerprint reader]] under Linux is currently a fairly complicated process. The following script automates the installation of the fingerprint software, for some Linux distributions. It covers most components (bioapi framework, driver, pam_bioapi, PAM setup, USB device permissions pamtester and enrolling), and handles all the downloading, patching and installation. |
− | + | Usage: just copy into a file and run as root. | |
− | + | After installation, all PAM-enabled system functions will use the fingerprint reader (and if it fails, default to the usual password entry). This includes: | |
+ | * KDE's KDM login (enter an empty password, then swipe finger) | ||
+ | * KDE's screensaver (enter an empty password, then swipe finger) | ||
+ | * Gnome's GDM login | ||
+ | * <tt>su</tt> | ||
+ | * <tt>sudo</tt> | ||
− | + | Everything is intalled into {{path|/opt/bioapi}}, so it doesn't pollute your filesystem. The only effects outside {{path|/opt/bioapi}} are one-line changes to the ldconfig configuration, PAM configuration and {{path|/etc/rc.local}}, and a few symlinks in {{path|/lib/security}}. | |
===Distributions supported by this script=== | ===Distributions supported by this script=== | ||
− | * {{Fedora}} 4 | + | * {{Fedora}} 4, 5, 6 |
+ | * Red Hat Enterprise Linux 4 | ||
If you add support for additional distributions, please update this script (using conditionals where necessary) instead of branching it. | If you add support for additional distributions, please update this script (using conditionals where necessary) instead of branching it. | ||
==The script== | ==The script== | ||
+ | {{CodeRef|enable-fingerprint-reader}} | ||
− | + | The patch has been moved to http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/Attic/bioapi-c++.patch?rev=1.3. However in CVS it has been marked as obsolete. | |
− | |||
− | |||
− | |||
− | + | ==Ideas for improvement== | |
+ | * Support more distributions | ||
+ | * Minimize changes to {{path|/etc/pam.d/system-auth}} by creating a separate file (e.g., {{path|/etc/pam.d/bioapi-auth}}) and <tt>@include</tt>-ing it. | ||
+ | * Do something about {{path|/etc/pam.d/sshd}} - it invokes {{path|/etc/pam.d/system-auth}} by stacking, so remote SSH logins now invoke the fingerprint reader... See related discussion in [[How_to_enable_the_fingerprint_reader]]. | ||
+ | * Install and configure a patched xscreensaver (as explained in [[How_to_enable_the_fingerprint_reader]]). | ||
+ | * Add "<tt>OnResume 10 /opt/bioapi/bin/set_fingerprint_perms</tt>" to [[Software Suspend 2|suspend2]]'s {{path|/etc/hibernate/hibernate.conf}}? | ||
− | + | * The script ends with: | |
− | + | + wget -N http://badcode.de/downloads/fingerprint.patch | |
+ | --13:03:23-- http://badcode.de/downloads/fingerprint.patch | ||
+ | => `fingerprint.patch' | ||
+ | Connecting to XXX.XXX.XXX.XXX:80... connected. | ||
+ | Proxy request sent, awaiting response... 401 Authorization Required | ||
+ | Authorization failed. | ||
− | + | (proxy don't need authorization) | |
− | + | the file is under authorization | |
− | + | [[Category:Scripts]] | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
Latest revision as of 18:25, 5 August 2011
Using the integrated fingerprint reader under Linux is currently a fairly complicated process. The following script automates the installation of the fingerprint software, for some Linux distributions. It covers most components (bioapi framework, driver, pam_bioapi, PAM setup, USB device permissions pamtester and enrolling), and handles all the downloading, patching and installation.
Usage: just copy into a file and run as root.
After installation, all PAM-enabled system functions will use the fingerprint reader (and if it fails, default to the usual password entry). This includes:
- KDE's KDM login (enter an empty password, then swipe finger)
- KDE's screensaver (enter an empty password, then swipe finger)
- Gnome's GDM login
- su
- sudo
Everything is intalled into /opt/bioapi, so it doesn't pollute your filesystem. The only effects outside /opt/bioapi are one-line changes to the ldconfig configuration, PAM configuration and /etc/rc.local, and a few symlinks in /lib/security.
Distributions supported by this script
- Fedora 4, 5, 6
- Red Hat Enterprise Linux 4
If you add support for additional distributions, please update this script (using conditionals where necessary) instead of branching it.
The script
enable-fingerprint-reader (download)
The patch has been moved to http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/Attic/bioapi-c++.patch?rev=1.3. However in CVS it has been marked as obsolete.
Ideas for improvement
- Support more distributions
- Minimize changes to /etc/pam.d/system-auth by creating a separate file (e.g., /etc/pam.d/bioapi-auth) and @include-ing it.
- Do something about /etc/pam.d/sshd - it invokes /etc/pam.d/system-auth by stacking, so remote SSH logins now invoke the fingerprint reader... See related discussion in How_to_enable_the_fingerprint_reader.
- Install and configure a patched xscreensaver (as explained in How_to_enable_the_fingerprint_reader).
- Add "OnResume 10 /opt/bioapi/bin/set_fingerprint_perms" to suspend2's /etc/hibernate/hibernate.conf?
- The script ends with:
+ wget -N http://badcode.de/downloads/fingerprint.patch --13:03:23-- http://badcode.de/downloads/fingerprint.patch
=> `fingerprint.patch'
Connecting to XXX.XXX.XXX.XXX:80... connected. Proxy request sent, awaiting response... 401 Authorization Required Authorization failed.
(proxy don't need authorization) the file is under authorization