27.2 Managing Fingerprints with YaST

Enabling Fingerprint Authentication

You can only use biometric authentication if PAM is configured accordingly. Usually, this is done automatically during installation of the packages when the hardware check detects a supported fingerprint reader. If not, manually enable the fingerprint support in YaST as follows:

  1. Start YaST and select Hardware > Fingerprint Reader.

  2. In the configuration dialog, activate Use Fingerprint Reader and click Finish to save the changes and close the dialog.

Now you can register a fingerprint for various users.

Registering a Fingerprint

  1. In YaST, click Security and Users > User Management to open the User and Group Administration dialog. A list of users or groups in the system is displayed.

  2. Select the user for whom you want to register a fingerprint and click Edit.

  3. On the Plug-Ins tab, select the fingerprint entry and click Launch to open the Fingerprint Configuration dialog.

  4. YaST prompts the user to swipe his finger until three readable fingerprints have been gathered.

  5. After the fingerprint has been acquired successfully, click Accept to close the Fingerprint Configuration dialog and the dialog for the user.

  6. If you also want to use fingerprint authentication for starting YaST or the YaST modules, you need to register a fingerprint for root, too.

    To do so, set the filter in the User and Group Administration dialog to System Users, select the root entry and register a fingerprint for root as described above.

  7. After you have registered fingerprints for the desired users, click Finish to close the administration dialog and to save the changes.

As soon as the user's fingerprint has been successfully registered, the user can choose to authenticate with either fingerprint or password for the actions and applications listed in Section 27.1, Supported Applications and Actions.

Currently, YaST does not offer verification or removal of fingerprints, but you can verify or remove fingerprints from the command line. Refer to Verifying or Removing a Fingerprint for more information.

With YaST, you can also import fingerprint files (*.bir) already stored somewhere in your file system. Click Hardware > Fingerprint Reader and select or enter the Directory with fingerprint files. Click Finish to start the import. The fingerprint files are copied to /etc/pam_thinkfinger/login.bir, the default directory for the fingerprint files.