Using the Fingerprint Reader

Contents

7.1. Supported Applications and Actions
7.2. Managing Fingerprints with YaST

If your system includes a fingerprint reader, you can use biometric authentication in addition to standard authentication via login and password. After registering their fingerprint, users can log in to the system either by swiping a finger on the fingerprint reader or by typing in a password. openSUSE® supports most available fingerprint readers. For a list of supported devices, please refer to http://reactivated.net/fprint/wiki/Supported_devices.

If the hardware check detects the fingerprint reader integrated with your laptop (or connected to your system), the packages libfprint, pam_fp, and yast2-fingerprint-reader are automatically installed.

Currently, only one fingerprint per user can be registered. The user's fingerprint data is stored to /home/login/.fprint/.

Supported Applications and Actions

The PAM module pam_fp supports fingerprint authentication for the following applications and actions (although you may not be prompted to swipe your finger in all cases):

Logging in to GDM/KDM or a login shell
Unlocking your screen on the GNOME/KDE desktop
Starting YaST and the YaST modules
Starting an application with root permission: sudo or gnomesu
Changing to a different user identity with su or su - username

	Fingerprint Reader Devices and Encrypted Home Directories
If you want to use a fingerprint reader device, you must not use encrypted home directories (see Kapitel Verwalten von Benutzern mit YaST (↑Referenz) for more information). Otherwise logging in will fail, because decrypting during login is not possible in combination with an active fingerprint reader device.

Managing Fingerprints with YaST

Procedure 7.1. Enabling Fingerprint Authentication

You can only use biometric authentication if PAM is configured accordingly. Usually, this is done automatically during installation of the packages when the hardware check detects a supported fingerprint reader. If not, manually enable the fingerprint support in YaST as follows:

Start YaST and select Hardware+Fingerprint Reader.
In the configuration dialog, activate Use Fingerprint Reader and click Finish to save the changes and close the dialog.

Now you can register a fingerprint for various users.

Procedure 7.2. Registering a Fingerprint

In YaST, click Security and Users+User Management to open the User and Group Administration dialog. A list of users or groups in the system is displayed.
Select the user for whom you want to register a fingerprint and click Edit.
On the Plug-Ins tab, select the fingerprint entry and click Launch to open the Fingerprint Configuration dialog.
YaST prompts the user to swipe his finger until three readable fingerprints have been gathered.
After the fingerprint has been acquired successfully, click Accept to close the Fingerprint Configuration dialog and the dialog for the user.
If you also want to use fingerprint authentication for starting YaST or the YaST modules, you need to register a fingerprint for root, too.
To do so, set the filter in the User and Group Administration dialog to System Users, select the root entry and register a fingerprint for root as described above.
After you have registered fingerprints for the desired users, click Finish to close the administration dialog and to save the changes.

As soon as the user's fingerprint has been successfully registered, the user can choose to authenticate with either fingerprint or password for the actions and applications listed in Section 7.1, “Supported Applications and Actions”.

Currently, YaST does not offer verification or removal of fingerprints, but you remove fingerprints by deleting the directory /home/login/.fprint.

For more technical details, refer to http://reactivated.net/fprint/.