A udev rule must be written to authorize a new group read/write access.įirst, create a new group, let us say fingerprint:Īdd the user you want to be able to unlock Xscreensaver with the fingerprint reader to the group: This still will not work because Xscreensaver cannot read/write from /dev/misc/uinput and /dev/bus/usb*. etc/pam.d/xscreensaver auth sufficient pam_thinkfinger.soĪuth required pam_unix_auth.so try_first_pass First, configure PAM with a file /etc/pam.d/xscreensaver containing: etc/pam.d/sudoĬhange this file to confirm the sudo command with a finger-swipe:Īuth required pam_nologin.so /etc/pam.d/xscreensaver Tip: Do not forget to do a tf-tool -add-user root to use this feature.
Session required pam_unix.so /etc/pam.d/suĬhange this file to confirm the su command with a finger-swipe:Īuth required pam_unix.so nullok_secure try_first_pass
Tf-tool -add-user acquires and stores your fingerprint in /etc/pam_thinkfinger/.bir, which is needed for an authentication with pam.Ĭhange the file /etc/pam.d/login to look like this if you want to use your fingerprint to authenticate yourself on logon:Īuth required pam_unix.so use_first_pass nullok_secure Run tf-tool -acquire to generate a file at /etc/pam_thinkfinger/test.bir and tf-tool -verify to see if it identifies you correctly. You will have to run this as root because a direct access to the usb devices is needed.
