FINGERPRINT AUTHENTICATION FOR UBUNTU BASED ON FPRINTD
This PPA contains packages that add a comprehensive fingerprint-based authentication functionality to Ubuntu, including a seamless integration into GNOME 2.x, Unity and GNOME 3.x. At this time of writing it supports releases of Ubuntu are 12.04, 12.10, 13.04. Please note that since version 12.10 these packages are present in the standard repositories (still, this PPA supports a wider range of fingerprint readers).
Step 1
You should be running Ubuntu 12.04, 12.10, 13.04 or any derivative thereof, and you need to have a supported fingerprint reader. To find out your reader's ID, run the lsusb command and look into the sixth column of the output. Supported devices are:
045e:00bb 08ff:1683 08ff:2580 08ff:268d
045e:00bc 08ff:1684 08ff:2660 08ff:268e
045e:00bd 08ff:1685 08ff:2680 08ff:268f
045e:00ca 08ff:1686 08ff:2681 08ff:2691
0483:2015 08ff:1687 08ff:2682 08ff:2810
0483:2016 08ff:1688 08ff:2683 08ff:5501
05ba:0007 08ff:1689 08ff:2684 08ff:5731
05ba:0008 08ff:168a 08ff:2685 138a:0001
05ba:000a 08ff:168b 08ff:2686 138a:0005
061a:0110 08ff:168c 08ff:2687 138a:0008
08ff:1600 08ff:168d 08ff:2688 147e:1000
08ff:1660 08ff:168e 08ff:2689 147e:2016
08ff:1680 08ff:168f 08ff:268a 147e:2020
08ff:1681 08ff:2500 08ff:268b 147e:3001
08ff:1682 08ff:2550 08ff:268c 1c7a:0603
045e:00bb 08ff:1683 08ff:2580 08ff:268d
045e:00bc 08ff:1684 08ff:2660 08ff:268e
045e:00bd 08ff:1685 08ff:2680 08ff:268f
045e:00ca 08ff:1686 08ff:2681 08ff:2691
0483:2015 08ff:1687 08ff:2682 08ff:2810
0483:2016 08ff:1688 08ff:2683 08ff:5501
05ba:0007 08ff:1689 08ff:2684 08ff:5731
05ba:0008 08ff:168a 08ff:2685 138a:0001
05ba:000a 08ff:168b 08ff:2686 138a:0005
061a:0110 08ff:168c 08ff:2687 138a:0008
08ff:1600 08ff:168d 08ff:2688 147e:1000
08ff:1660 08ff:168e 08ff:2689 147e:2016
08ff:1680 08ff:168f 08ff:268a 147e:2020
08ff:1681 08ff:2500 08ff:268b 147e:3001
08ff:1682 08ff:2550 08ff:268c 1c7a:0603
Step 2
If you have a supported device add this PPA to your sources:
sudo add-apt-repository ppa:fingerprint/fprint
sudo apt-get update
sudo apt-get upgrade
sudo add-apt-repository ppa:fingerprint/fprint
sudo apt-get update
sudo apt-get upgrade
Step 3
Install the software:
sudo apt-get install libfprint0 fprint-demo libpam-fprintd gksu-polkit
sudo apt-get install libfprint0 fprint-demo libpam-fprintd gksu-polkit
Step 4
Launch “fprint project demo” from your Unity/GNOME applications menu and check that you can enroll and verify your fingerprints and that your reader is indeed supported. This does NOT save your fingerprints. This just test to make sure it is working.
Step 5
Run fprintd-enroll in terminal to save your fingerprints.
NOTE:
If you have experimented with fingerprint authentication before and have changed your /etc/pam.d/common-auth, you may be presented with a screen asking whether you want to override those changes. Select Yes. Under very special circumstances, you may get an error saying
pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating.
pam-auth-update: Run pam-auth-update --force to override.
In this case, run sudo pam-auth-update --force, exactly as suggested, and enable the fprintd profile manually. Leave the standard system profiles (Unix, Keyring and ConsoleKit) enabled as well.
pam-auth-update: Local modifications to /etc/pam.d/common-*, not updating.
pam-auth-update: Run pam-auth-update --force to override.
In this case, run sudo pam-auth-update --force, exactly as suggested, and enable the fprintd profile manually. Leave the standard system profiles (Unix, Keyring and ConsoleKit) enabled as well.
Known issues
=================1. No fingerprint and password at the same time
At the moment, you cannot type in your password right away when you are asked for fingerprint. You need to make the fingerprint authentication fail first (swipe wrong finger or let it time out) before you are asked for password. This is a limitation of PAM because its modules mustn't be threaded and hence cannot support multiple means of authentication at the same time.
2. Missing support in gksu. When you run Synaptic or a similar graphical application that requires unlimited, full root privileges, the standard authentication window doesn't get displayed. Yet the fingerprint reader is ready, and a swipe will authenticate the user. The informative window not appearing is a major bug in GNOME's gksu, which will never be fixed because of its inner limitations. Instead, a replacement called gksu-polkit is being developed (its latest version is in this PPA). With this package installed, you can then adjust your menu items to call gksu-polkit instead of gksu. Go to System > Preferences > Main Menu, select the item you want to modify, click Properties and in the Command field change "gksu [options...] command" to "gksu-polkit /full/path/
Note on keyrings and passwordless logins
=======If you log in with your fingerprint, the default keyring manager will not have access to your password or any other secret data to decrypt your enciphered content with. The same applies to encrypted partitions and their automatic unlocking with libpam-mount or eCryptFS. Please note that it is not possible to unlock the keyring unless you have typed in your password (there's nothing to unlock it with, and having a key stored somewhere on disk is a very naïve and insecure solution). There are basically 2 possible solutions to the keyring issue:
1. Keep logging in with your password as before (you will need to make the fingerprint authentication fail first by scanning a wrong finger) and then use fingerprint only for sudo and locked screens. This way you will have your standard password available in your session, and keyring and encrypted partitions will work as before.
2. Remove the password from your default keyring. This way the passwords in it will be stored unencrypted, but this may be perfectly acceptable for you if you store only insensitive data in it (such as passwords to Wi-Fi networks). If you decide to take this route, here is a short how-to: Go to Applications > Accessories > Passwords and Encryption Keys, card Passwords, right click on Passwords: login, Change Password and set it to empty string.
Using Ubuntu and have a Fingerprint Reader on your laptop? Make it work! by Randy Rowland is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Based on a work at https://launchpad.net/~fingerprint/+archive/fprint.
