This is Gentoo's testing wiki. It is a non-operational environment and its textual content is outdated.
Please visit our production wiki at https://wiki.gentoo.org
Fingerprint reader
- how to enroll a fingerprint for a specific user
- GNOME/KDE integration and development status of this features
- Configure PAM to use fprintd
Some laptops (especially those of the ThinkPad persuasion) come with an integrated fingerprint reader which can be used for authentication. Many guide expect the reader to be used in the place of a password. It is highly imperative to note: fingerprint reader technology is not considered to be secure by security experts.[1] Fingerprints should not be substituted for passwords for any device. Passwords can be easily changed; fingers cannot.[2] There are many known techniques to extract fingerprints from the device casing in order to gain access to the system through the fingerprint reader.
With the above paragraph being understood, it is perfectly acceptable to use a fingerprint to identify the user account before signing with key-based authentication.
Available software
The fprint project is probably the most advanced approach to provide a solution for integrating fingerprint readers in Linux - other solutions such as thinkfinger are mostly outdated and do not provide such a general approach as well as fprint.
Name | Package | Homepage | Description |
---|---|---|---|
fprint | sys-auth/fprintd | https://cgit.freedesktop.org/libfprint/fprintd/ | fprint consists of several components. The primary being a daemon which provides access to fprint functionality through D-Bus to applications, such as login managers (GDM, KDM, ...), screen locking mechanisms etc. |
thinkfinger | sys-auth/thinkfinger | http://thinkfinger.sourceforge.net/ | Support for the UPEK/SGS Thomson Microelectronics fingerprint reader, often seen in ThinkPad laptops. |