Using the Fingerprint Reader

With the ThinkFinger driver, openSUSE supports the fingerprint reader by UPEK/SGS Thomson Microelectronics included with some IBM and Lenovo ThinkPads. The same fingerprint reader can also be found in other laptops and either as a stand-alone device or built into some USB keyboards. For more details, refer to http://thinkfinger.svn.sourceforge.net/viewvc/*checkout*/thinkfinger/README.in. After registering their fingerprint, users can log in to the system either by swiping a finger on the fingerprint reader or by typing in a password.

If the hardware check detects the fingerprint reader integrated with your laptop (or connected to your system), the packages libthinkfinger and pam_thinkfinger are automatically installed. Use the command line tool tf-tool to register or verify a fingerprint for various users. root permission is required for this. The PAM module pam_thinkfinger supports user authentication by fingerprint for the following applications and actions (although you might not be prompted to swipe your finger in all cases):

Registering a Fingerprint

Fingerprints can either be registered with YaST or from the command line. This section contains instructions on registering fingerprints from the command line. Currently, only one fingerprint per user can be registered.

For more detailed information about configuring and using fingerprint authentication, see http://en.opensuse.org/Using_Fingerprint_Authentication.

  1. Open a shell and log in as root.

  2. Run tf-tool --help to view the available options.

  3. To register a fingerprint for a certain user, enter

    tf-tool --add-user login
    

    tf-tool prompts the user to swipe a finger until three readable fingerprints have been gathered. The user's fingerprint data is then stored to /etc/pam_thinkfinger/login.bir.

  4. If you want to use fingerprint authentication for starting YaST or the YaST modules in the GNOME control center, register a fingerprint for root, too.

  5. To verify an existing fingerprint for a certain user, enter

    tf-tool --verify-user login
    
  6. Let the user swipe a finger. tf-tool compares the fingerprint to the print stored for this user and provides a message if the fingerprints match.

As soon as the user's fingerprint has been successfully registered, the user can choose to authenticate with either fingerprint or password.

To remove a user's fingerprint, delete the appropriate fingerprint file for this user: /etc/pam_thinkfinger/login.bir.

With tf-tool --acquire you can do a test run with tf-tool. The fingerprint is stored as /tmp/test.bir and can be verified with tf-tool --verify.

For More Information

  • Find the project home page at http://thinkfinger.sourceforge.net/

  • For more technical details, refer to /usr/share/doc/packages/libthinkfinger/README in your installed system.

  • There are also man pages available for pam_thinkfinger and tf-tool.