Fingerprint Authentication

On my laptop, I have a fingerprint scanner - Authentec AES2501.  I know that I could use this for authentication in Windows, but wanted to do the same in Linux.

To get it working is very simple.  First of all, you need to install a package called pam_fprint.  After this, you need to modify /etc/pam.d/system-auth.  This is how I did mine:

auth        required      pam_env.so
auth        sufficient    pam_fprint.so
auth        sufficient    pam_unix.so try_first_pass likeauth nullok
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so

the main changes in this file are the second and third lines.  I have set "sufficient" so that it will fall back to password in case my fingerprint wasn't recognised.  If you change "sufficient" to "required", then it will only ask for fingerprint and nothing else.  If you want this, ensure that you have used it a few times to make sure your fingerprint is working fine.  I had problems originally, because I was scanning my finger too fast.  So I scanned it slower and I found I could authenticate with my fingerprint everytime.

To enroll a fingerprint, run this from a console window for the user that you wish to authenticate with fingerprint:

pam_fprint_enroll

then follow the instructions for scanning your fingerprint.  Remember, if you scan too fast, you won't be able to authenticate.  If you scan too slow, then it will complain.  You need to experiment to get it right. 

This will also work with gdm, as I found I tested this with Fedora 8 and gdm did ask me for my fingerprint instead of password.