Fingerprint authentication in Ubuntu

It seems more and more laptops come equipped with fingerprint readers lately. If you want to see support for such readers officially rolled into Ubuntu 8.10 by all means click on that mean Brainstorm logo! Update: it seems the Brainstorm voting has closed, however the discussion that entry has about security is worth checking.

I recently got an HP Pavillion xt1000 series with such hardware and while researching its fingerprint support I came across Fprint.

From the project site:

The fprint project aims to plug a gap in the Linux desktop: support for consumer fingerprint reader devices.

Previously, Linux support for such devices has been scattered amongst different projects (many incomplete) and inconsistent in that application developers would have to implement support for each type of fingerprint reader separately.

The provided packages are:

  • libpam-fprint – PAM module allowing authentication (login, sudo, etc.) via fprint
  • libfprint-dev – fingerprint library of fprint project, development headers
  • libfprint0 – fingerprint library of fprint project, which allows using the fingerprint reader found of many of the more decent notebooks
  • fprint-demo – fingerprint scan and verification graphic utility

The packages that enable fprint functionality in Ubuntu are provided by Pavel Rojtberg, I’d like to invite anyone with fingerprint readers to try them. If you find any bugs I think they can be sent to the project’s mailing list, I couldn’t find an obvious link to any open bug trackers. Oh, and don’t miss the FAQ!

There is a lenghty discussion and interesting information on Pavel’s site. I contacted him personally and he setup a Personal Package Archive (PPA) to build the Ubuntu packages very quickly! Thanks for you work, Pavel! All the development work the Fprint project has achieved is made available very easily to us Ubuntu users via the PPA service in Launchpad. This will not make it in any official Ubuntu repositories just yet, but it’s very promising so far. Above all it should not be considered a replacement for other standard authentication and security measures. 🙂

libpam-fprint + libfprint + fprint-demo packages for Ubuntu 7.10 are available as an archive at:
http://madman2k.net/files/fprint-packages.tar

Hardy Packages are available in this PPA:
deb http://ppa.launchpad.net/madman2k/ubuntu hardy main restricted universe multiverse
(add that line to your /etc/apt/sources.list file and update your repositories: sudo apt-get update from comand line or just use Synaptic.

For other distributions see: http://www.reactivated.net/fprint/wiki/Download

ScreenshotFPThe fprint-demo package provides a graphical application to enroll fingerprints and set different options. After installing that package, fprint-demo can be invoked from command line only (no menu entry yet) by issuing this command (notice the underscore instead of hyphen):
sudo fprint_demo

In order to enable fprint authentication on Ubuntu install the libpam and libfprint packages and then edit your /etc/pam.d/common-auth so it contains

auth sufficient pam_fprint.so
auth required pam_unix.so nullok_secure

At your next login attempt or sudo command from terminal, this will first try to read your fingerprint before asking your password. For testing purposes, you can expire the sudo passowrd caching by issuing « sudo -k ». Do not try to disable password login completely; this is alpha software and you might lock out yourself.

Example of command-line fingerprint enrollment:
sudo pam_fprint_enroll --enroll-finger 7

For more information regarding the current (under consideration) integration of fingerprint readers support in Ubuntu, see:
https://bugs.edge.launchpad.net/ubuntu/+source/pam/+bug/187130

 

5 réflexions sur « Fingerprint authentication in Ubuntu »

  1. I’ve used thinkfinger in the past, and it is quite good. I believe the only problem is that you can’t use it to unlock the screensaver. Does fprint have this problem as well? From what I could tell it was actually a bug in gnome’s screensaver.

  2. To enroll fingerprints, the command should be fprint_demo not fprint-demo.

    Other than that, it worked perfectly on my Toshiba Tecra M7 laptop running Hardy Beta.

    Thanks for the instructions!

  3. One thing that I miss from the time that I was a windows user was to authenticate JUST by swaping the finger, whithout having to type the user name.

    The fingerprint program on windows used the finger to see with user was trying to log in, so I didn’t have to type in my username …

  4. @phil
    It works to unlock the screensaver
    Actually it just has a bug in the sudo programm thats fixed for debian but not yet fixed in ubuntu…

Les commentaires sont fermés.