Script for enabling the fingerprint reader with BioAPI
Using the integrated fingerprint reader under Linux is currently a fairly complicated process. The following script automates the installation of the fingerprint software for some Linux distributions. It covers most components (bioapi framework, driver, pam_bioapi, PAM setup, USB device permissions, pamtester and enrolling), and handles all the downloading, patching and installation.
Usage: just copy into a file and run as root.
After installation, all PAM-enabled system functions will use the fingerprint reader (and if it fails, default to the usual password entry). This includes:
- KDE's KDM login (enter an empty password, then swipe finger)
- KDE's screensaver (enter an empty password, then swipe finger)
- Gnome's GDM login
- su
- sudo
Everything is installed into /opt/bioapi, so it doesn't pollute your filesystem. The only effects outside /opt/bioapi are one-line changes to the ldconfig configuration, PAM configuration and /etc/rc.local, and a few symlinks in /lib/security.
Distributions supported by this script
- Fedora 4, 5, 6
- Red Hat Enterprise Linux 4
If you add support for additional distributions, please update this script (using conditionals where necessary) instead of branching it.
The script
enable-fingerprint-reader (download)
The patch has been moved to http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/Attic/bioapi-c++.patch?rev=1.3. However, in CVS it has been marked as obsolete.
Ideas for improvement
- Support more distributions
- Minimize changes to /etc/pam.d/system-auth by creating a separate file (e.g., /etc/pam.d/bioapi-auth) and @include-ing it.
- Do something about /etc/pam.d/sshd - it invokes /etc/pam.d/system-auth by stacking, so remote SSH logins now invoke the fingerprint reader... See related discussion in How_to_enable_the_fingerprint_reader.
- Install and configure a patched xscreensaver (as explained in How_to_enable_the_fingerprint_reader).
- Add "OnResume 10 /opt/bioapi/bin/set_fingerprint_perms" to suspend2's /etc/hibernate/hibernate.conf?
- The script ends with:
  + wget -N http://badcode.de/downloads/fingerprint.patch
  --13:03:23-- http://badcode.de/downloads/fingerprint.patch
  => `fingerprint.patch'
  Connecting to XXX.XXX.XXX.XXX:80... connected.
  Proxy request sent, awaiting response... 401 Authorization Required
  Authorization failed.
  (The proxy doesn't need authorization.) The file is under authorization.
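
The sshd item in the list above follows from how PAM stacking works: every service whose auth stack pulls in system-auth inherits pam_bioapi once the script has edited that file. The check below is an added example, not part of the enable-fingerprint-reader script; the function names are hypothetical, the sample files are constructed, and it assumes the module is referenced as pam_bioapi.so in system-auth.

```shell
#!/bin/sh
# Added example (not part of enable-fingerprint-reader): list the PAM services
# that inherit pam_bioapi because their auth stack pulls in system-auth.

# $1 = pam.d directory. Prints one service name per line. Prints nothing when
# system-auth has no active (uncommented) auth line naming pam_bioapi.
bioapi_exposed_services() {
    dir=$1
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_bioapi' "$dir/system-auth" \
        2>/dev/null || return 0
    # Two ways a service reaches system-auth: the "include" control or the
    # older pam_stack.so service=system-auth line.
    re='^[[:space:]]*auth[[:space:]]+(include[[:space:]]+system-auth'
    re="$re|.*pam_stack\.so[[:space:]]+service=system-auth)"
    for f in "$dir"/*; do
        svc=$(basename "$f")
        if [ "$svc" != system-auth ] && grep -Eq "$re" "$f"; then
            echo "$svc"
        fi
    done
}

# Build a constructed pam.d tree for the demo; prints its path.
make_sample_pamd() {
    d=$(mktemp -d)
    # Constructed sample; any module arguments are omitted.
    printf 'auth sufficient pam_bioapi.so\nauth sufficient pam_unix.so\n' \
        > "$d/system-auth"
    printf 'auth required pam_stack.so service=system-auth\n' > "$d/sshd"
    printf 'auth include system-auth\n' > "$d/sudo"
    printf 'auth required pam_unix.so\n' > "$d/cups"
    echo "$d"
}

sample=$(make_sample_pamd)
bioapi_exposed_services "$sample"   # prints sshd and sudo; cups is not listed
rm -rf "$sample"
```

To audit a real system, call bioapi_exposed_services /etc/pam.d; any network-facing service it prints (such as sshd) needs its own auth stack that does not go through system-auth.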