Novell Home

Biometric Fingerprint Scan

Novell Cool Solutions: Feature
By Damian Myerscough

Digg This - Slashdot This

Posted: 5 Dec 2007
 

Problem:

Weak security.

Solution:

Implement biometric fingerprint authentication.

Environment:

This article was tested on SUSE Linux Enterprise Desktop SP1.

Note: If you receive the following error:

"fprint_demo: error while loading shared libraries: libfprint.so.0: cannot open shared object file: No such file or directory"

Issue the following command:

ln -s /opt/gnome/lib/libfprint.so.0 /usr/lib/libfprint.so.0

The above command fixes the error while loading shared libraries.

--Damian Myerscough

In this article we are going to setup and configure biometric fingerprint scanning for logging into your workstations. Biometric fingerprint scanning offers a much more secure method of logging into your system as the key to login to the system is you're fingerprint. The biometric fingerprint scanner I will be using in this article is "SmartCase? FingerprintSensor" by Fujitsu Siemens Computers.

Installation

The first step that we will need to do is download the "fprint_demo", "libfprint" and "pam_fprint" archive files. The first package "libfprint" provides functionality for reading the users fingerprint and processing the users fingerprint, the second package "pam_fprint" provides authentication via PAM (Pluggable Authentication Module) and the third package "fprint_demo" provides a set of testing utilities. The "fprint_demo" source code can be downloaded from the [1] website, the "libfprint" source code can be downloaded from the [2] website and the "pam_fprint" file can be downloaded from the [3] website.

Requirements

Before you begin extracting the source code archives you will need to install the packages listed in Table 1 as they are dependencies for fprint.

Package Description
ImageMagick-devel Include files and libraries mandatory for development.
pam-devel Includes files and libraries for PAM-Development.
Development group C/C++ Compiler and Tools

Table 1: fprint dependencies.

The packages listed in Table 1 can be installed using the "yas2 sw_install" command.

Installing fprint

Once you have downloaded the "fprint_demo", "libfprint" and "pam_fprint" files you can move them into the "/usr/src" directory and begin extracting the content of each archive as shown in Figure 1.

linux-l4kc:/home/damian # mv libfprint-0.0.3.tar.bz2 /usr/src
linux-l4kc:/home/damian # mv fprint_demo-0.3.tar.bz2 /usr/src
linux-l4kc:/home/damian # mv pam_fprint-0.2.tar.bz2 /usr/src

linux-l4kc:/usr/src # tar jvxf libfprint-0.0.3.tar.bz2
linux-l4kc:/usr/src # tar jvxf fprint_demo-0.3.tar.bz2
linux-l4kc:/usr/src # tar jvxf pam_fprint-0.2.tar.bz2

Figure 1: Extracting fprint source code.

Installing libfprint

Once you have extracted all the source code archives we will compile "libfprint" library first as all the other tools rely on this library. Figure 1.1 shows the commands used to compile the source code and Table 2 explains each qualifier.

linux-l4kc:/usr/src/ # cd  libfprint-0.0.3
linux-l4kc:/usr/src/libfprint-0.0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin 
linux-l4kc:/usr/src/libfprint-0.0.3 # make && make install && make clean

Figure 1.1: Compiling the libfprint library.

Qualifier Description
--libdir=/opt/gnome/lib This is where the glibc library is located.
--bindir=/usr/bin This is where any binary files will be installed.

Table 2: libfprint qualifiers.

Installing fprint demo

Once the libfprint library has been installed you can begin to install the fprint demo file. When compiling the fprint demo you will get an error in the code as shown in Figure 1.2.

linux-l4kc:/usr/src # cd fprint_demo-0.3/ 
linux-l4kc:/usr/src/fprint_demo-0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin 
linux-l4kc:/usr/src/fprint_demo-0.3 # make 
... 
... 
/usr/src/fprint_demo-0.3/src/verify.c:210: undefined reference to `gtk_window_set_deletable' 
... 
... 

Figure 1.2: Error produced off the fprint demo.

This error can be fixed by opening the "verify.c" source file with a text editor and navigating to line 210 and commenting the line out as shown in Figure 1.3.

...
...
// get_window_set_deletable(GTK_WINDOW(dialog), FALSE);
...
...

Figure 1.3: Patching the "verify.c" file.

Once you have commented out the error you can begin compiling the source code again as shown in Figure 1.4.

linux-l4kc:/usr/src/fprint_demo-0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin
linux-l4kc:/usr/src/fprint_demo-0.3 # make && make install && make clean

Figure 1.4: Compiling the fprint demo.

Installing pam_fprint

The final installation step is to install the fprint PAM module, which will link into the Linux authentication mechanism and provide biometric fingerprint authentication. Figure 1.5 shows the commands used to compile the source code.

linux-l4kc:/usr/src # cd pam_fprint-0.2/ 
linux-l4kc:/usr/src/libfprint-0.0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin 
linux-l4kc:/usr/src/libfprint-0.0.3 # make && make install && make clean 

Figure 1.5: Compiling pam_fprint.

Testing

Once you have compiled all the source files, you can begin testing you're fingerprint scanner. The command you need to issue is "fprint_demo". This will bring up a graphical utility that allows you to configure you're scanner as shown in Figure 2.


Figure 2: fprint demo application.

Once the main interface has loaded you can scan anyone of you're fingers, which you would like to use for authentication. When you have decided which finger you would like to scan you can click on the enroll button and you will be prompt to scan you're finger. When you swipe you're finger you will see you're fingerprint display on the screen, as shown in Figure 2.1.


Figure 2.1: Enrollment of fingerprint.

Once you are happy with your fingerprint you can click the "OK" button and your fingerprint will be enrolled. Once you have enrolled the fingerprint you can verify you're fingerprint by scanning you're finger again. In the top left corner you should see a tab called "verify", select this tab and when the new tab loads you should see on the right side a "verify" button which will begin the verification process as shown in Figure 2.2.


Figure 2.2: Fingerprint verification.

When you perform the scan you will be informed if you're fingerprint matches or if it fails. This is a good test to make sure you have taken a good fingerprint and that you can make it match again.

Configuration

Once you have tested and played with you're fingerprint scanner you will be ready to setup biometric fingerprint authentication. The first step to setting up authentication is to enroll one or more fingerprints, this can be done with the "fprint_demo" utility which was covered before. The second method to enroll you're fingerprint is to issue the "pam_fprint_enroll" command.

Enrolling a fingerprint

The command we will use to enroll our fingerprint is "pam_fprint_enroll". The "pam_fprint_enroll" command needs to be run as the user who is going to be using biometric fingerprint authentication. Figure 3 shows the command used to enroll the right index finger.

damian@linux-l4kc:~> pam_fprint_enroll -f 7

Figure 3: Enrolling the right fingerprint.

Once you you have enrolled one of you're fingers you are ready to use biometric fingerprint authentication. If you want to enroll a different finger you can issue the "pam_fprint_enroll" command with the "-h" qualifier.

Enabling fingerprint authentication

We will now add fingerprint authentication to the GDM login screen. The file that we need to be edited is: "/etc/pam.d/gdm" as shown in Figure 3.1.

...
...
auth          sufficient        pam_fprint.so
...
...

Figure 3.1: "/etc/pam.d/gdm" PAM configuration.

The entry that is shown in Figure 3.1 will enable fingerprint authentication to the GDM login screen, Table 3 explains each section of the PAM entry.

Section Description
auth This tell PAM that this module is related to the authentication process.
sufficient This tells PAM that if the user scans his/her finger that they are granted access if the fingerprint matches. If this option was set to "require" only fingerprint authentication would be allowed.
pam_fprint.so This tells PAM which module to load.

Table 3: PAM configuration file explained.

Once you have finished editing the "/etc/pam.d/gdm" you can logout of your machine and at the GDM login prompt enter your username and then scan your finger. Once you have scanned your finger you should get a message saying: "Scan right index finger on AuthenTec AES2501" click "OK" and you should then be logged in otherwise you will be asked for a password which indicates your fingerprint failed.

Final Thoughts

Now that you have enable biometric fingerprint authentication on your system you should now have an extra layer of security that is protecting your system. I would also recommend visiting the fprint project website [4] as there could be later versions of this program that include more features and bug fixes.

Reference

  1. http://sourceforge.net/project/showfiles.php?group_id=208521&package_id=252711&release_id=555283
  2. http://sourceforge.net/project/showfiles.php?group_id=208521&package_id=249968&release_id=555280
  3. http://sourceforge.net/project/showfiles.php?group_id=208521&package_id=252487&release_id=555291
  4. http://www.reactivated.net/fprint/wiki/Main_Page


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell