Random Wisdom

Tag: fingerprint

ThinkPad E530 Fingerprint Reader on Linux

by on Oct.10, 2013, under Hardware, How To ..., Linux

The E530 comes with a fingerprint reader but getting it working takes some amount of effort — at least on Fedora systems. The only project supporting this particular reader (147e:1002 Upek Biometric Touchchip/Touchstrip Fingerprint Sensor) seems to be Fingerprint GUI.

The first step is getting it to compile. The README for fingerprint-gui-1.05 suggests running:

$ qmake-qt4
$ make

but the build fails on Fedora 19 (x86_64) with these instructions. It is necessary to call qmake-qt4 with a couple of extra defines after cleaning up the previous failed attempt:

$ ./remove-makefiles.sh && ./remove-binaries.sh
$ qmake-qt4 LIBPOLKIT_QT=LIBPOLKIT_QT_1_1 LIB=lib64
$ make

at this point, assuming all of the required devel packages are installed, the build should complete successfully. Install by running:

$ sudo make install
$ sudo make install-upek

The user should also be added to the plugdev group if not already a member. Once installed, nothing much will happen until PAM is configured. In the meanwhile, it should be possible to run ‘fingerprint-gui’ to confirm that the reader is detected and enrol a few fingerprints.

The next step is to modify the PAM stack. Start by creating a backup of ‘/etc/pam.d‘ in case something goes wrong. Then, add the line auth sufficient pam_fingerprint-gui.so -d try_first_identified to a few of the core configuration files:

# diff -uN /root/pam.d /etc/pam.d
diff -uN /root/pam.d/fingerprint-auth /etc/pam.d/fingerprint-auth
--- /root/pam.d/fingerprint-auth	2013-07-12 09:13:16.000000000 +0100
+++ /etc/pam.d/fingerprint-auth	2013-10-09 23:36:29.052893499 +0100
@@ -2,7 +2,8 @@
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
-auth        sufficient    pam_fprintd.so
+#auth        sufficient    pam_fprintd.so
+auth        sufficient    pam_fingerprint-gui.so -d try_first_identified
 auth        required      pam_deny.so
 
 account     required      pam_unix.so
diff -uN /root/pam.d/password-auth /etc/pam.d/password-auth
--- /root/pam.d/password-auth	2013-07-12 09:13:16.000000000 +0100
+++ /etc/pam.d/password-auth	2013-10-09 23:41:50.469049775 +0100
@@ -2,6 +2,7 @@
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
+auth        sufficient    pam_fingerprint-gui.so -d try_first_identified
 auth        sufficient    pam_unix.so try_first_pass nullok
 auth        required      pam_deny.so
 
diff -uN /root/pam.d/system-auth /etc/pam.d/system-auth
--- /root/pam.d/system-auth	2013-07-12 09:13:16.000000000 +0100
+++ /etc/pam.d/system-auth	2013-10-09 23:40:15.343472816 +0100
@@ -2,6 +2,7 @@
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
 auth        required      pam_env.so
+auth        sufficient    pam_fingerprint-gui.so -d try_first_identified
 auth        sufficient    pam_unix.so try_first_pass nullok
 auth        required      pam_deny.so

Once the changes have been saved, it should be possible to perform logins and screen unlocks using the fingerprint reader. On Fedora 19 (Gnome 3.8), the fingerprint GUI itself does not appear on login screens but it works nonetheless. More details here.

Leave a Comment :, , , , more...