The goal of the project is making fingerprint readers as easy as possible to use for secondary authentication.
See the use cases in the whiteboard.
- Name: Bastien Nocera
- Targeted release: Fedora 11
- Last updated: 2008-11-27
- Percentage of completion: 80% (some code available)
libusb1, and the required libfprint are available in rawhide (F-11). The authconfig patch to enable pam_fprintd
fprintd is being reviewed. It includes a pam plugin to not require a password for login. The authconfig patch to add fingerprint reader authentication is also in rawhide.
Enrollment support is being added to gnome-about-me.
Currently, using Fingerprint readers is a bit of a pain, and installing/using fprint and its pam module take more time than should ever be necessary. The goal of this feature is to make it painless by providing all the required pieces in Fedora, together with nicely integrated configration.
Benefit to Fedora
Better Out-of-the-box experience for systems with fingerprint readers. Fedora will support one more piece of frequently found hardware.
Better integration would mean
- Having a D-Bus service for handling reading/using the fingerprint reader.
- The PAM module uses the VerifyStart method provided over D-Bus to authenticate users, and will be added to the default configuration.
- gnome-about-me would use the EnrollStart method to write a new fingerprint data file for the specified user.
- gnome-screensaver would be able to use finger scans to unlock the desktop
- Any other dialog presented to the user for authentication would be able to use finger scans
- The create-user dialog in firstboot or its replacement could offer to enroll the new user
How to test
- Person installs a laptop/desktop system with a fingerprint-reader that's supported by fprint
- Person sets their fingerprint in gnome-about-me
- Person can log in using their fingerprint
- Person deletes their fingerprint in gnome-about-me
- Person can no longer log in with their fingerprint
- Another thing to test: turning fingerprint support off in authconfig prevents login with fingerprint, but keeps the fingerprint data, so that turning it back on doesn't force people to re-enroll.
- Debian's fingerprint integration wiki
- Ubuntu's fingerprint integration wiki
- the fprint library
- supported fingerprint readers
- libfprint and libusb1
- authconfig support
- fprintd with pam module
Not installing the packages by default.
Fedora 11 supports authentication using fingerprint readers. Before you can log in using your fingerprint, you need to enable fingerprint authentication in authconfig (System → Administration → Authentication) and enroll your fingerprint in gnome-about-me (System → Preferences → Personal → About Me). For a list of supported fingerprint readers, see http://www.reactivated.net/fprint/wiki/Supported_devices.