Configuring PAM
Modify the /etc/pam.d/common-auth file to reflect the AFTER sample below.
BEFORE
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_env.so
auth required pam_unix2.so
AFTER
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
password sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
auth required pam_unix2.so nullok_secure
#auth required pam_env.so
#auth required pam_unix2.so
At this point reboot your system. After entering your username a little window will pop-up to swipe your finger. You will be prompted to swipe your finger for any applications or tools that require authentication.
NOTE: Three failed attempts will then cause PAM to authenticate against the local password.
Another NOTE: If you ever want to discontinue using the Fingerprint Reader simply return the file /etc/pam.d/common-auth to it's original state.
COMMON BEHAVIOR OF APPLICATIONS AFTER IMPLEMENTATION
The implementation of fingerprint scanning support varies in different applications.
Here is the behaviour of the most common ones:
*
When using the Gnome Display Manager gdm, it will pop up an image to swipe your finger. You can login without a password.
*
When using the KDE Display Manager kdm, it doesn't give any visual indication, other than that the cursor stops blinking. Just swipe your finger and you will be logged in.
*
The KDE screen saver in SUSE 10 requires you to enter an empty password (or select the correct user and then enter an empty password(Just hit <enter>)) in order to get the fingerprint prompt. Just swipe your finger and you will be logged in.
*
The GNOME screen saver in SUSE 10 requires you to enter an empty password (Just hit <enter>) in order to get the fingerprint prompt. Just swipe your finger and you will be logged in.
*
When using KDE as the desktop environment, I have noticed that some applications require you to swipe your finger twice.
*
Logged in as a regular user, any applications launched that require authentication, you will be prompted to swipe your finger.