Friday, August 13, 2010

ThinkPad fingerprint scanner - Linux PAM setup

Using fingerprint scanners for login is cool. Sure, it's insecure, but who cares about that :-). It's awesome!

Do enroll more than one finger, and have a fallback mechanism though...

# Install fingerprint software.
# You can play around with fprint_demo to try it out...
sudo aptitude install fprint-demo libpam-fprint libfprint

# Enroll the index finder. See pam_fprint_enroll --help for details
pam_fprint_enroll --enroll-finger 7

# Edit your PAM configuration to enable fingerprint login
# Fallback to password if it fails.

# emacs /etc/pam.d/commond-auth
# Add something like:

# Fingerprint
auth sufficient

You could also require both, but that's just awkward :-). And if finger print scanning breaks, it's a PITA.