# Thinkpad finger print reader setup

## multix

Hi,

it is a security topic so I post it here, but don't know if it is the most correct forum.

I want to use it essentially for a nice login and for unloking the screen or such stuff.

I installed  *Quote:*   

> fprintd

 .

Calibration worked too and the hardware works. My problem is the setup.

If I do a login console, I need to enter the username first, then "scan" instead of the password. I noticed, the same fingerprint is used both for "root" and for my own user. Fine enough.

If I use sudo, I too get asked for:

 *Quote:*   

> Scan right index finger on UPEK TouchStrip
> 
> 

 

Which is kind of nice.

I configured pam in:

```
/etc/pam.d/cat system-auth
```

by adding:

```

auth            sufficient      pam_fprint.so

```

What is not working?

xlock Although in various forums I read that it should work, including xlockmore page. But in my case scanning does not work. perhaps it is not picking up PAM? However I have xlockmore compiled with pam.

remote usage This is the most annoying. If I login remotely to my computer (telnet, ssh) and issue "sudo" I get asked to scan the fingerprint! that is really not nice.

perhaps I should move things in another place? suggestions? I'd like that when using sudo using telnet/ssh.

Even if "sufficient" I cannot skip scanning the fingerprint with a ctrl-c/ctrl-d.

Can I configure things so that fingerpritn is not used for sudo?

My "xlock" in pam.d contains:

```
auth    include         system-auth
```

so it should work. xlockmore perhaps doens't use pam.d/xlock?

Riccardo

----------

