Results 1 to 10 of 10

Thread: Fingerprint reader configuration & use on 13.1?

  1. #1

    Default Fingerprint reader configuration & use on 13.1?

    Hi

    On opensuse 12.3 I could use the fingerprint reader on my ThinkPad X61T via the YaST module. Integration with KDE was not perfect: could use fingerprint only instead of password rather than fingerprint or password, but it did work and didn't require me to do anything other than go through the YaST GUI. Now under opensuse 13.1 the YaST fingerprint module has been dropped.

    In the meantime support for the Authentec AES2810 has been added, so I could be using the reader in my ThinkPad X200s as well.

    However, having installed and tried to play with fingerprint-gui I find that I can enrol a fingerprint as root, but test mode doesn't work, and I have no obvious way to enrol fingerprints for my local user, or have authentication for KDE login/sudo/su by fingerprint. In short, I'm missing the YaST module.

    Has anybody come across a viable alternative to the YaST module for fingerprint setup on 13.1 (64-bit)?

    Thanks
    Gigabyte GA-MA770-UD3 r1.0 F9E|AMD Athlon II X4 635|6 GB 667MHz DDR2|XFX Radeon HD 6750|LG GSA-H30N|Netgear WG311T| opensuse 12.2 x86_64 (Intel 330, X-18M)|LG IPS236V 1920x1080 DVI|Logitech MX3000 & MX Air|Freecom USB DVB-T 25452| JBL Spot|Logitech C310

  2. #2
    Join Date
    Jul 2008
    Location
    Toronto, Canada
    Posts
    1,255

    Default Re: Fingerprint reader configuration & use on 13.1?

    I would recommend reading about fprintd. fprint

    Open Yast and add this hardware repository Index of /repositories/hardware/openSUSE_13.1
    Install fprintd, libfprint and fingerprint-gui. I would install the fingerprint-gui package first to test it out.

    fingerprint-gui - Tool for fingerprint enrollment and verification
    Fingerprint GUI is a set of GUI tools for the use of fingerprint scanners on Linux systems. It enables the recording and checking of fingerprints of users and allows login and authentication of users by their fingerprint through its PAM module. An additional "fingerprintIdentifier" application can be used for customized (shell) scripts when users have to be identified or authenticated by their fingerprints.
    The system is based on device drivers from the "libfprint" project.

    fprintd - D-Bus service for Fingerprint reader access
    D-Bus service to access fingerprint readers.

    A lot of people have been using it.
    My Linux Box
    OS:
    openSUSE 52.2 - Plasma 5.18.9
    OS:
    Tumbleweed Plasma 5.22
    ASUS P5Q | Intel Quad 6600 @3.02 GHz | 8GB G.SKILL RAM | Nvidia GeForce 750 Ti

  3. #3
    Join Date
    Jul 2008
    Location
    Toronto, Canada
    Posts
    1,255

    Default Re: Fingerprint reader configuration & use on 13.1?

    As a test install fprintd, libfprint and fprintd-pam. Here's the link: software.opensuse.org: Search

    I would also check Yast -->System-->Service Manager and make sure that the fingerprint service is enabled and active.
    I'm not 100% sure about this feature but I always check.
    Navigate to Security and Users-->User and Group Management for a fingerprint user group. If there is one add yourself to the user group.
    My Linux Box
    OS:
    openSUSE 52.2 - Plasma 5.18.9
    OS:
    Tumbleweed Plasma 5.22
    ASUS P5Q | Intel Quad 6600 @3.02 GHz | 8GB G.SKILL RAM | Nvidia GeForce 750 Ti

  4. #4

    Smile Re: Fingerprint reader configuration & use on 13.1?

    The good news: I made the fingerprint reader in my Lenovo X220 laptop work successfully. I proved that it is indeed possible to enable the fingerprint reader in openSUSE 13.1 for 64-bit. It behaves exactly as it did in openSUSE 12.3. BTW - lsusb shows my fingerprint scanner listed as:
    Code:
    Bus 001 Device 003: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
    This is the same fingerprint reader used in the stand-alone Upek Eikon reader model number TCRD4C (the silver color unit), which also worked very well with openSUSE 12.3. The not so good news: I'm not completely sure of exactly what the solution is, due to my quite a bit of hacking about. I definitely installed some unnecessary software (fingerprint-gui), and probably did some actions that were not necessary. When I get everything sorted out so I know exactly what needs to be done in what order to enable the fingerprint reader in openSUSE 13.1, I will post instructions in the openSUSE forum.

  5. #5

    Default Re: Fingerprint reader configuration & use on 13.1?

    Quote Originally Posted by Anon135 View Post
    ... When I get everything sorted out so I know exactly what needs to be done in what order to enable the fingerprint reader in openSUSE 13.1, I will post instructions in the openSUSE forum.
    I would definitely be interested in this!

    I just broke fingerprint authentication on my laptop by upgrading from opensuse 12.2 to 13.1

    Has someone found the info why this useful feature was removed?
    I did not find anything except some reference to a fate#313128, whatever that may be :-/

  6. #6

    Default Re: Fingerprint reader configuration & use on 13.1?

    I made it work on my notebook again. Maybe it helps someone if I describe what I did.

    DISCLAIMER: Enabling fprint authentication is not secure. It is just a small step better than automatic login, so do not try to protect vital data with this.

    Having said that, it seems the only missing links on my system were, that the stored fingerprints are now expected in a different location and enrolling was only allowed for root. Maybe the fingerprints are also stored in a different format now, I did not check with the old files, just enrolled again.

    1) I made sure I have the necessary packages installed (they were already installed)

    Code:
    $ sudo zypper install libfprint0 pam_fprint
    Daten des Repositories laden ...
    Installierte Pakete lesen ...
    'pam_fprint' ist bereits installiert.
    Kein Aktualisierungskandidat für 'pam_fprint-0.2-12.1.2.x86_64'. Die neueste Version ist bereits installiert.
    'libfprint0' ist bereits installiert.
    Kein Aktualisierungskandidat für 'libfprint0-0.5.0-3.1.3.x86_64'. Die neueste Version ist bereits installiert.
    Paketabhängigkeiten auflösen ...
    
    Keine auszuführenden Aktionen.
    2) Next I checked pam is configured to use fprint authentication (not sure this check is complete, it was already ok)

    Code:
    $ sudo pam-config --query --fprint
    auth:
    if the output is empty (not auth: ), then add module fprint to pam like this:

    Code:
    $ sudo pam-config --add --fprint
    3) Now I enrolled a fingerprint for root

    Code:
    $ sudo pam_fprint_enroll
    Switching to root (e.g. sudo) now asks for fingerprint, and only falls back to password if scan does not work.

    4) Finally enrolled fingerprint for "normal" user

    Problem is, the scan device is owned by root. Normal users cannot use it. We change that by creating an udev rule for it that gives write access to group users:

    a) Find the vendor and product id of the scanner with lsusb. Mine is an Upek with vendor id 147e and product id 2016:

    Code:
    $ lsusb
    Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
    Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 001 Device 003: ID 046d:c526 Logitech, Inc. Nano Receiver
    Bus 001 Device 004: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor
    Bus 001 Device 005: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1)
    Bus 001 Device 006: ID 17ef:480f Lenovo Integrated Webcam [R5U877]
    Bus 002 Device 003: ID 05c6:9204 Qualcomm, Inc.
    b) Add an udev rule file for this device (using your vendor and product id's of course)
    Code:
    $ sudo echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="147e", ATTR{idProduct}=="2016", MODE="0664", OWNER="root", GROUP="users"' >/etc/udev/rules.d/70-fprint.rules
    c) Activate the rules
    Code:
    sudo udevadm control --reload-rules
    sudo udevadm trigger
    d) Now you should be able to call pam_fprint_enroll as normal user.

    To log into a kde session on the login screen you can now enter your username, then hit Enter, click on OK button, then scan. If the scan does not recognize you, also enter the password before pressing Enter and then scan. This is clumsy (On windows you enter nothing, just scan), but I still like it.

  7. #7

    Default Re: Fingerprint reader configuration & use on 13.1?

    Quote Originally Posted by joba1 View Post
    To log into a kde session on the login screen you can now enter your username, then hit Enter, click on OK button, then scan. If the scan does not recognize you, also enter the password before pressing Enter and then scan. This is clumsy (On windows you enter nothing, just scan), but I still like it.
    Just noticed, gdm is much nicer for X session fingerprint authentication.
    You see a list of users, select one, press enter and scan (no mouse required).
    Enable it like this:

    Code:
    sudo zypper install gdm
    sudo sed -i 's/^DISPLAYMANAGER=.*/DISPLAYMANAGER="gdm"/' /etc/sysconfig/displaymanager
    If you want to try immediately (warning: this stops current X sessions without saving open documents!), execute as root:

    Code:
    telinit 3; telinit 5

  8. #8

    Default Re: Fingerprint reader configuration & use on 13.1?

    This has been a useful thread, though I still have not managed to get the fingerprint reader to work on a Thinkpad T500. :-(

    This is on a fresh installation of 13.1 64 bit and btrfs filesystem.
    I have one problem and one question.

    Question one when doing "pam_fprint_enroll" after an attempt to scan my finger it always comes back with an error -22 what is this telling me ?

    When I tried to config pam it came back complaining that it could not find /lib/security/pam_fprint.so .
    Now I had only installed the 64 bit versions of fprint and there was under /lib64/security/pam_fprint.so so why was it looking for the 32 bit version in /lib?
    further looking at this and I realised that all the 32 bit and 64 bit pam libraries were installed yet the system seems to be using the 32 bit versions why is this? why have the 32 bit libraries been installed anyway?.

    Installing the 32 bit fprint library and pam-config would now quite happily add fprint but still error -22 any thoughts?

    Rgds

  9. #9
    Join Date
    Jun 2008
    Location
    Canada
    Posts
    453

    Default Re: Fingerprint reader configuration & use on 13.1?

    Quote Originally Posted by carioca View Post
    This has been a useful thread, though I still have not managed to get the fingerprint reader to work on a Thinkpad T500. :-(This is on a fresh installation of 13.1 64 bit and btrfs filesystem.I have one problem and one question.Question one when doing "pam_fprint_enroll" after an attempt to scan my finger it always comes back with an error -22 what is this telling me ?When I tried to config pam it came back complaining that it could not find /lib/security/pam_fprint.so .Now I had only installed the 64 bit versions of fprint and there was under /lib64/security/pam_fprint.so so why was it looking for the 32 bit version in /lib?further looking at this and I realised that all the 32 bit and 64 bit pam libraries were installed yet the system seems to be using the 32 bit versions why is this? why have the 32 bit libraries been installed anyway?.Installing the 32 bit fprint library and pam-config would now quite happily add fprint but still error -22 any thoughts?Rgds
    what is the id of your reader?

    check with lsusb
    www.laboiteaprog.com

  10. #10

    Cool Re: Fingerprint reader configuration & use on 13.1?

    Quote Originally Posted by joba1 View Post
    I made it work on my notebook again. Maybe it helps someone if I describe what I did. DISCLAIMER: Enabling fprint authentication is not secure. It is just a small step better than automatic login, so do not try to protect vital data with this. Having said that, it seems the only missing links on my system were, that the stored fingerprints are now expected in a different location and enrolling was only allowed for root. Maybe the fingerprints are also stored in a different format now, I did not check with the old files, just enrolled again. 1) I made sure I have the necessary packages installed (they were already installed)
    Code:
    $ sudo zypper install libfprint0 pam_fprint Daten des Repositories laden ... Installierte Pakete lesen ... 'pam_fprint' ist bereits installiert. Kein Aktualisierungskandidat für 'pam_fprint-0.2-12.1.2.x86_64'. Die neueste Version ist bereits installiert. 'libfprint0' ist bereits installiert. Kein Aktualisierungskandidat für 'libfprint0-0.5.0-3.1.3.x86_64'. Die neueste Version ist bereits installiert. Paketabhängigkeiten auflösen ...  Keine auszuführenden Aktionen.
    2) Next I checked pam is configured to use fprint authentication (not sure this check is complete, it was already ok)
    Code:
    $ sudo pam-config --query --fprint auth:
    if the output is empty (not auth: ), then add module fprint to pam like this:
    Code:
    $ sudo pam-config --add --fprint
    3) Now I enrolled a fingerprint for root
    Code:
    $ sudo pam_fprint_enroll
    Switching to root (e.g. sudo) now asks for fingerprint, and only falls back to password if scan does not work. 4) Finally enrolled fingerprint for "normal" user Problem is, the scan device is owned by root. Normal users cannot use it. We change that by creating an udev rule for it that gives write access to group users: a) Find the vendor and product id of the scanner with lsusb. Mine is an Upek with vendor id 147e and product id 2016:
    Code:
     $ lsusb Bus 001 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 002: ID 8087:0020 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 046d:c526 Logitech, Inc. Nano Receiver Bus 001 Device 004: ID 147e:2016 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor Bus 001 Device 005: ID 0a5c:217f Broadcom Corp. BCM2045B (BDC-2.1) Bus 001 Device 006: ID 17ef:480f Lenovo Integrated Webcam [R5U877] Bus 002 Device 003: ID 05c6:9204 Qualcomm, Inc.
    b) Add an udev rule file for this device (using your vendor and product id's of course)
    Code:
    $ sudo echo 'SUBSYSTEM=="usb", ATTR{idVendor}=="147e", ATTR{idProduct}=="2016", MODE="0664", OWNER="root", GROUP="users"' >/etc/udev/rules.d/70-fprint.rules
    c) Activate the rules
    Code:
    sudo udevadm control --reload-rules sudo udevadm trigger
    d) Now you should be able to call pam_fprint_enroll as normal user. To log into a kde session on the login screen you can now enter your username, then hit Enter, click on OK button, then scan. If the scan does not recognize you, also enter the password before pressing Enter and then scan. This is clumsy (On windows you enter nothing, just scan), but I still like it.
    Wow! That was an awesome post! Thank you very much for providing a very well written, detailed explanation! Your solution beat the snot out of my most inelegant hack.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •