Once I had installed CrunchBang on it, the usually troublesome Broadcom WiFi working nicely out of the box, I set about trying to get the fingerprint scanner (SGS Thomson Microelectronics Fingerprint Reader) working - and here's what I did. Please note that, as this involves a bit of tweaking of authentication methods, the process may cause unforeseen problems with your computer's security (though it's worked fine for me). Use at your own risk.
First, install libpam-fprintd:
sudo apt-get install libpam-fprintdThen type
fprintd-enroll usernamereplacing 'username' with your actual username, and follow the instructions to scan your fingerprint (it'll ask you for it three times to make sure). Once you've enrolled your fingerprint, reboot.
Now, upon rebooting, you can log in using your fingerprint. On CrunchBang, this involves typing your username, pressing enter, and then scanning your finger. The computer appears to hang when you press the enter key, but once your finger's been scanned, it'll log you in. If for any reason your fingerprint is not recognised (or it's another fingerprint), you'll be simply asked for your password.
I noticed a problem at this point: it didn't seem to require any authentication at all to re-run the fingerprint enrolment to accept a different fingerprint - which leaves an open opportunity for anyone to enrol their own fingerprint into the system instead of yours while you're not looking. To overcome this, I made fprintd-enroll only runnable as root, requiring the root password to run:
Use the command which fprintd-enroll to find the path to the application. Then enter the following, replacing /path/to/application with the actual path to fprintd-enroll:
sudo chown root:root /path/to/application
sudo chmod 700 /path/to/applicationNow it's only executable as root, and will require prefixing with the sudo command.
Not only can you now use your fingerprint to log in, you can also use it to authenticate sudo, and also gksudo - however the gksudo password prompt will not appear at all - you just have to scan your fingerprint after issuing the command (on CrunchBang, this includes anything in the 'System' submenu by default - once you click, say, Synaptic Package Manager, you have to then scan your finger without being explicitly prompted). You are usually requested to enter your password whenever fingerprint authentication is unsuccessful.
No comments:
Post a Comment