|
Packit Service |
f1aff6 |
PAM module for fingerprint authentication
|
|
Packit Service |
f1aff6 |
-----------------------------------------
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
Using:
|
|
Packit Service |
f1aff6 |
* Modify the appropriate PAM configuration file
|
|
Packit Service |
f1aff6 |
(/etc/pam.d/system-auth-ac on Fedora systems), and add the line:
|
|
Packit Service |
f1aff6 |
auth sufficient pam_fprintd.so
|
|
Packit Service |
f1aff6 |
before the line:
|
|
Packit Service |
f1aff6 |
auth sufficient pam_unix.so ...
|
|
Packit Service |
f1aff6 |
* You can now enroll fingerprints using fprintd-enroll. The first available
|
|
Packit Service |
f1aff6 |
fingerprint available will be used to log you in.
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
Options:
|
|
Packit Service |
f1aff6 |
* You can add the "debug" option on the pam configuration file line above,
|
|
Packit Service |
f1aff6 |
this will log more information from PAM to the file specified in your
|
|
Packit Service |
f1aff6 |
syslog configuration (/var/log/secure by default on Fedora)
|
|
Packit Service |
f1aff6 |
|
|
Packit Service |
f1aff6 |
Known issues:
|
|
Packit Service |
f1aff6 |
* pam_fprintd does not support identifying the user itself as
|
|
Packit Service |
f1aff6 |
that would mean having the fingerprint reader on for all the time
|
|
Packit Service |
f1aff6 |
the user selection is displayed, and could damage the hardware.
|
|
Packit Service |
f1aff6 |
It could be fixed by having gdm/login only start the PAM conversation
|
|
Packit Service |
f1aff6 |
when there is activity
|
|
Packit Service |
f1aff6 |
* pam_fprintd doesn't support entering either the password or a fingerprint,
|
|
Packit Service |
f1aff6 |
as pam_thinkfinger does, because it's a gross hack, and could be fixed
|
|
Packit Service |
f1aff6 |
by having the login managers run 2 separate PAM stacks
|