PAM Fingerprint
Available translations:
PAM Fingerprint is a Linux Pluggable Authentication Module (PAM) for password-less fingerprint authentication. It uses the ZhianTec ZFM-20 fingerprint sensor (a.k.a. "Arduino fingerprint sensor")
in conjunction with the PyFingerprint library. With a little manual skill, the sensor can be build in a small universal housing:
Per default the password authentication is set as fallback in case no fingerprint sensor is connected. Two-factor authentication is also possible. The module has to be configured by the pamfingerprint-conf
program.
Hardware
PAM Fingerprint requires some hardware:
- Zhaintec ZFM-20 (a.k.a. "Arduino fingerprint sensor")
- USB-TTL converter
- (optional) universal housing (75x55x25)
Connection of the sensor
The sensor and the USB-TTL converter are connected like in the following image:
Installation
After adding the PM Code Works APT repository to the system package sources, the package can be installed using following command:
$ sudo apt-get install libpam-fingerprint
Install missing dependencies:
$ sudo apt-get install -f
Setup
Since PAM Fingerprint communicates via USB and only root is allowed to do this, every user that wants to use PAM Fingerprint must be granted access for using USB:
$ sudo usermod -a -G dialout username
A reboot is now required. After that users can be added to PAM Fingerprint.
$ sudo reboot
PAM Fingerprint consists of the Linux PAM module itself and a console-based configuration utility to add users. To enable fingerprint authentication for a user use e.g. the following command:
$ sudo pamfingerprint-conf --add-user username
Remind to replace username
by a real user. Using this command a finger is enrolled twice. To test if added user can login with the finger use e.g. the following command:
$ pamfingerprint-conf --check-user username
The sensor LED should light up and the enrolled finger should be used. During the test some information are printed on the console. If output in last line is "successful" everything works as it should and user is able to use fingerprint authentication in the future.
Credendentials of PAM Fingerprint are stored in the file /etc/pamfingerprint.conf
inside the section [users]
. The structure of an entry is:
username = Template-ID, SHA256(Fingerprint)
The other section [PyFingerprint]
contains settings of the fingerprint sensor.
Since PAM Fingerprint is purely written in Python it can also be run on ARM-HF based Raspberry Pi.
How to write your own PAM module
How PAM works and how PAM modules are written and added to Linux see Linux PAM.