Fingerprint reader on an Lenovo/IBM T43p in Gentoo Linux
What?
This document describes the process of setting up the fingerprint reader of a ThinkPad T43p under Gentoo Linux. There is documentation on the process in the ThinkWiki and the official site of the drivers. These two references were also the basis for the information in here.
Requirements
You need the following packages from the official portage tree (as of October 5th 2006. My original ebuilds can still be found in my subversion overlay).
- sys-auth/bioapi
- sys-auth/tfm-fingerprint
- sys-auth/pam_bioapi
And, of course, a shiny T43p.. However, the responses to this article indicate that it also seems to work with T60, T60p, T43 and R52 as well. Thank's for the notification, guys! Keep me updated with other models.
Step-by-step installation
Let's go then. Step-by-step along these lines:
- Install the required packages by running:
emerge bioapi tfm-fingerprint pam_bioapi
- Put the users that want to do fingerprinting into groups
usb
andbioapi
. You might want to check that the directory permission of/proc/bus/usb
is writable for groupusb
. - Create the fingerprint file for your user. Run
QSample
as user, select the "TouchChip" device and enroll your user id. This generates a .bir-file in the current directory.
Note: if you do not haveQSample
, you can use the non-GUI tool namedSample
. I did not get that to work however, so you better emerge bioapi with USE-flagqt3
. (Or drop me a line how to work that command line tool.) - Change to root and install that .bir-file by running these commands:
SERIAL=`BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*: \(.\{9\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.*\)/\1-\2-\3-\4-\5/gp}"` echo $SERIAL
If that last command did not print anything like{5550454b-2054-464d-2f45-535320425350}
, doSERIAL={5550454b-2054-464d-2f45-535320425350}
, then continue:mkdir -p /etc/bioapi/pam/$SERIAL cp <username.bir> /etc/bioapi/pam/$SERIAL
- Replace the contents of
/etc/pam.d/system-auth
with this here (a backup of the original file might be a good idea). Thanks to "Horror Vacui" for pointing out a shortcoming in the first version of the configuration.account required pam_unix.so auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/ password optional pam_bioapi.so {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/ auth required pam_unix.so nullok_secure password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so
That's it buddy. Now login with your user (probably leave a root console open to be able to revert the changes..) and you will be prompted to
swipe the finger. If you want to use the same finger for root, just copy the .bir-file to root.bir
in the same directory.
If you compiled xlockmore with USE-flag pam
you're even ready to unlock the locked screen by simply pressing enter on the password
prompt and then swiping your nose over the reader...
See How to enable the fingerprint
reader for information about making it work with xscreensaver (if it doesn't out of the box).
Questions and troubles?
Questions and comments about the ebuilds and this document go to: .
Before contacting me in case of any problems, make sure you have read:
Thanks, cheerio and goodbye.