Biometric Fingerprint Scan
Novell Cool Solutions: Feature
By Damian Myerscough
Digg This -
Posted: 5 Dec 2007
Implement biometric fingerprint authentication.
This article was tested on SUSE Linux Enterprise Desktop SP1.
Note: If you receive the following error:
"fprint_demo: error while loading shared libraries: libfprint.so.0: cannot open shared object file: No such file or directory"
Issue the following command:
ln -s /opt/gnome/lib/libfprint.so.0 /usr/lib/libfprint.so.0
The above command fixes the error while loading shared libraries.
In this article we are going to setup and configure biometric fingerprint scanning for logging into your workstations. Biometric fingerprint scanning offers a much more secure method of logging into your system as the key to login to the system is you're fingerprint. The biometric fingerprint scanner I will be using in this article is "SmartCase? FingerprintSensor" by Fujitsu Siemens Computers.
The first step that we will need to do is download the "fprint_demo", "libfprint" and "pam_fprint" archive files. The first package "libfprint" provides functionality for reading the users fingerprint and processing the users fingerprint, the second package "pam_fprint" provides authentication via PAM (Pluggable Authentication Module) and the third package "fprint_demo" provides a set of testing utilities. The "fprint_demo" source code can be downloaded from the  website, the "libfprint" source code can be downloaded from the  website and the "pam_fprint" file can be downloaded from the  website.
Before you begin extracting the source code archives you will need to install the packages listed in Table 1 as they are dependencies for fprint.
|ImageMagick-devel||Include files and libraries mandatory for development.|
|pam-devel||Includes files and libraries for PAM-Development.|
|Development group||C/C++ Compiler and Tools|
The packages listed in Table 1 can be installed using the "yas2 sw_install" command.
Once you have downloaded the "fprint_demo", "libfprint" and "pam_fprint" files you can move them into the "/usr/src" directory and begin extracting the content of each archive as shown in Figure 1.
linux-l4kc:/home/damian # mv libfprint-0.0.3.tar.bz2 /usr/src linux-l4kc:/home/damian # mv fprint_demo-0.3.tar.bz2 /usr/src linux-l4kc:/home/damian # mv pam_fprint-0.2.tar.bz2 /usr/src linux-l4kc:/usr/src # tar jvxf libfprint-0.0.3.tar.bz2 linux-l4kc:/usr/src # tar jvxf fprint_demo-0.3.tar.bz2 linux-l4kc:/usr/src # tar jvxf pam_fprint-0.2.tar.bz2
Once you have extracted all the source code archives we will compile "libfprint" library first as all the other tools rely on this library. Figure 1.1 shows the commands used to compile the source code and Table 2 explains each qualifier.
linux-l4kc:/usr/src/ # cd libfprint-0.0.3 linux-l4kc:/usr/src/libfprint-0.0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin linux-l4kc:/usr/src/libfprint-0.0.3 # make && make install && make clean
|--libdir=/opt/gnome/lib||This is where the glibc library is located.|
|--bindir=/usr/bin||This is where any binary files will be installed.|
Installing fprint demo
Once the libfprint library has been installed you can begin to install the fprint demo file. When compiling the fprint demo you will get an error in the code as shown in Figure 1.2.
linux-l4kc:/usr/src # cd fprint_demo-0.3/ linux-l4kc:/usr/src/fprint_demo-0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin linux-l4kc:/usr/src/fprint_demo-0.3 # make ... ... /usr/src/fprint_demo-0.3/src/verify.c:210: undefined reference to `gtk_window_set_deletable' ... ...
This error can be fixed by opening the "verify.c" source file with a text editor and navigating to line 210 and commenting the line out as shown in Figure 1.3.
... ... // get_window_set_deletable(GTK_WINDOW(dialog), FALSE); ... ...
Once you have commented out the error you can begin compiling the source code again as shown in Figure 1.4.
linux-l4kc:/usr/src/fprint_demo-0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin linux-l4kc:/usr/src/fprint_demo-0.3 # make && make install && make clean
The final installation step is to install the fprint PAM module, which will link into the Linux authentication mechanism and provide biometric fingerprint authentication. Figure 1.5 shows the commands used to compile the source code.
linux-l4kc:/usr/src # cd pam_fprint-0.2/ linux-l4kc:/usr/src/libfprint-0.0.3 # ./configure --libdir=/opt/gnome/lib/ --bindir=/usr/bin linux-l4kc:/usr/src/libfprint-0.0.3 # make && make install && make clean
Figure 1.5: Compiling pam_fprint.
Once you have compiled all the source files, you can begin testing you're fingerprint scanner. The command you need to issue is "fprint_demo". This will bring up a graphical utility that allows you to configure you're scanner as shown in Figure 2.
Figure 2: fprint demo application.
Once the main interface has loaded you can scan anyone of you're fingers, which you would like to use for authentication. When you have decided which finger you would like to scan you can click on the enroll button and you will be prompt to scan you're finger. When you swipe you're finger you will see you're fingerprint display on the screen, as shown in Figure 2.1.
Figure 2.1: Enrollment of fingerprint.
Once you are happy with your fingerprint you can click the "OK" button and your fingerprint will be enrolled. Once you have enrolled the fingerprint you can verify you're fingerprint by scanning you're finger again. In the top left corner you should see a tab called "verify", select this tab and when the new tab loads you should see on the right side a "verify" button which will begin the verification process as shown in Figure 2.2.
Figure 2.2: Fingerprint verification.
When you perform the scan you will be informed if you're fingerprint matches or if it fails. This is a good test to make sure you have taken a good fingerprint and that you can make it match again.
Once you have tested and played with you're fingerprint scanner you will be ready to setup biometric fingerprint authentication. The first step to setting up authentication is to enroll one or more fingerprints, this can be done with the "fprint_demo" utility which was covered before. The second method to enroll you're fingerprint is to issue the "pam_fprint_enroll" command.
Enrolling a fingerprint
The command we will use to enroll our fingerprint is "pam_fprint_enroll". The "pam_fprint_enroll" command needs to be run as the user who is going to be using biometric fingerprint authentication. Figure 3 shows the command used to enroll the right index finger.
damian@linux-l4kc:~> pam_fprint_enroll -f 7
Once you you have enrolled one of you're fingers you are ready to use biometric fingerprint authentication. If you want to enroll a different finger you can issue the "pam_fprint_enroll" command with the "-h" qualifier.
Enabling fingerprint authentication
We will now add fingerprint authentication to the GDM login screen. The file that we need to be edited is: "/etc/pam.d/gdm" as shown in Figure 3.1.
... ... auth sufficient pam_fprint.so ... ...
The entry that is shown in Figure 3.1 will enable fingerprint authentication to the GDM login screen, Table 3 explains each section of the PAM entry.
|auth||This tell PAM that this module is related to the authentication process.|
|sufficient||This tells PAM that if the user scans his/her finger that they are granted access if the fingerprint matches. If this option was set to "require" only fingerprint authentication would be allowed.|
|pam_fprint.so||This tells PAM which module to load.|
Once you have finished editing the "/etc/pam.d/gdm" you can logout of your machine and at the GDM login prompt enter your username and then scan your finger. Once you have scanned your finger you should get a message saying: "Scan right index finger on AuthenTec AES2501" click "OK" and you should then be logged in otherwise you will be asked for a password which indicates your fingerprint failed.
Now that you have enable biometric fingerprint authentication on your system you should now have an extra layer of security that is protecting your system. I would also recommend visiting the fprint project website  as there could be later versions of this program that include more features and bug fixes.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com