Summary: | Support fingerprint reader login in kdm | ||
---|---|---|---|
Product: | [Unmaintained] kdm | Reporter: | Charles <lucas.charles> |
Component: | general | Assignee: | kdm bugs tracker <kdm-bugs-null> |
Status: | RESOLVED UNMAINTAINED | ||
Severity: | wishlist | CC: | 4wy78uwh, alon.barlev, andreas, bugs.kde.org, bugzilla.kde, colemichae, curdyben, de.techno, dhaivatpandya, diego.ml, direx, djaara, ensgabe, flyser42, fugulyt, gigastarcraft2, hector.acosta, jpsutton, kde_bugzilla_2, kfunk, khashayar.lists, luizluca, meyerm, mklapetek, nbigaouette, nicco.ts, novosirj, null, nysander, oldium.pro, paul.lemmons, phlogi1, postix, rdieter, rik, robert, rohan, sarathlakshman, sir_kalot, skatemaster, stany_sik, sts, stuffcorpse, t.hartwig, user581, zayed.alsaidi, zhouwei400 |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Unlisted Binaries | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Charles
2005-11-19 02:13:15 UTC
kdm & kdesktop_lock provide a plugin interface that allows supporting (almost?) arbitrary authentication methods. it's pretty obvious that kdm simply can't provide a frontend for every pam module out there; they have to be shipped with the modules themselves. guess how it works on windows.

While I fully understand and agree that KDM cannot possibly support every custom PAM module, I believe fingerprint authentication is so widespread and important that it deserves a certain amount of special treatment. More and more computers are shipped with fingerprint readers, and logging in with username + fingerprint makes little sense as the fingerprint is both unique and secure, and as such, the KDM should from a usability point of view be able to identify and log the user in with one single swipe - no mouse or key clicked. If for nothing else, consider it from a usability point of view. Thanks.

*** This bug has been confirmed by popular vote. ***

*** Bug 145580 has been marked as a duplicate of this bug. ***

There is an active open source project: driver and pam authentication for these fingerprint readers (UPEK/SGS Thomson Microelectronics) here: http://thinkfinger.sourceforge.net/ A cooperation would be great.

Imho it should be possible to login with a fingerprint, but kdm should display a big fat warning ("Authentication via fingerprint only is insecure by design.")

I would also really like to see fingerprint *only* authentication in KDE. It's one of the features I will miss most when I move from Windows to Linux & KDE on my ThinkPad.

@Robert: Can you please justify your a bit harsh statement?

I don't really know if this is the right place to discuss it. @Grzegorz: There are a lot of ways to cheat a fingerprint-scanner with stuff everybody has at home (plus graphite spray) in spite of 'life detection' is getting better. The German computer magazine c't has a (German) article about this in its actual edition (12 - http://www.heise.de/ct/ ).
Of course the attacker needs your fingerprint, so it's a good idea not to use the right forefinger if you're right hander but for example the left ring finger (or a toe ;-) ).

BUT @Robert: A working reader is much better than a bad password. Besides all this I can access all the data on my computer with a normal Knoppix boot-CD if my harddisk isn't encrypted. So everybody has to choose himself.

I fully agree with the last comment. For a large group of home users, the primary concern is not security, but convenience, and such users normally don't have classified information on their harddrives anyway. If so, having physical access to the computer (which you need for a finger print reader anyway ;) ) can always give root anyway. My experience is that the vast majority of "home users" have separate accounts for the convenience of separating settings, documents, email and bookmarks from various family members, and as such greatly appreciate the simplicity of logging in with just the swipe of a finger. In many cases the alternative is a password-less account or at best a very poor password.

I fully agree with the last comment and will add a new topic: Unsecure environment: A working reader is much better than a strong password!!! I prefer to keep my laptop with me at conferences or in public areas. Yes I will leave my fingerprints also there. But with the surveillance cameras or mobile vga cams it is very easy to record also my strongest passwords. So I prefer the finger print reader in these areas for login and unlocking. (But NOT for my PGP-passphrase etc.)

Just wondering: Wouldn't you need to make sure that the kdm session is running at the console and not remotely? Or more generally: you'd have to make sure that the input device is belonging to the xserver that is handling the authentication. Otherwise someone else might just get authenticated at a remote display, waiting to log in(???)
I'm pretty sure because of the way PAM works and consequently the way thinkfinger is written, you'll have to select a username first. Fingerprint-only isn't something you'd do at the KDE level, you'd have to make changes to PAM. I'd just like to click a user in KDM and swipe my finger for auth, and then get swipe support for KDE su. Those two things would accommodate the vast majority of my use.

One thing I would like to see is, u do not ask for the username ...u just ask for a finger swipe and decide upon the username after he swipes the finger. I understand that this will make the system a bit unsecure because the login id can itself be a unknown thing to the person if he is trying to break. But this would be a kool feature ...A user comes and swipes his finger to log in.

About just needing to swipe the finger to log in, i think one _must_ select a user first, for example i use 3 users (normal, testing, and devel)

to hector: You have more than 3 fingers I suppose

Despite of the amount of finger the user could have, recognizing the username only by fingerprint is still a great (and even easier) idea and, if he has more than one username, this could then be the (only) time to make him to select which one he wants to use. And if it's possible to associate more than one fingerprint to one username, making the username shared to more than one person (which, sometimes, is a regular user need - like somebody who share the desktop and files and all their stuff, and without fingerprint reader would normally share a password), this solution (of, after reading the fingerprint, to display only the usernames which have the same fingerprint associated, if the case - or if not, simply login, displaying no list) also solves it.

I really couldn't care less whether you need to select a username or not. I simply wish my fingerprint reader to function as intended (i.e., to allow me to log into my Thinkpad using it).
Perhaps the username selection for fingerprint authentication could be a selectable option in kcontrol. In any event, this wishlist item is almost 2 years old, so will it ever be implemented?

Keep in mind that 2 years ago, fingerprint readers were far less common and, for the last year or so, getting the basic KDE 4 stuff working has been the main focus. Besides, I'm (slowly) starting to learn C++ and Qt, so once KDE 4 comes out, I'll start making time to fix things I've voted for. Sooner or later, this WILL get done. It just may take a while.

Well, I much anticipate this feature being added, and I appreciate your work :) Until then, however, it looks like I'll be using GDM :(

On 6 Sep 2007 23:27:20 -0000, Stephan Sokolow <kde_bugzilla.zen.ssokolow@spamgourmet.com> wrote: [bugs.kde.org quoted mail]

Regardless of whether it is supported in KDE, has anyone created the PAM Module needed to auth a fingerprint against the local users to find a match?

I'm not sure, if I would like this authentication-without-username-selection feature. I have several accounts on my machine, too. Sure, you could use a different finger for each account, but this way, you have to remember what finger you assigned to which account and you could easily end up using the wrong finger by accident and login to the wrong account. This could be annoying. Another problem would be, that you can't force users to use different fingers. What if a user assigned the same finger to several accounts, which account should be selected for login? Or would you like to prevent this scenario by the following error message during fingerprint registration: "This fingerprint is already used by a different user, please use another finger!" ;) I have set my KDM to automatically pre-select the last user, so I think in 97% of the cases there is no need to explicitly select a user and just swipe your finger, because you're the last one who logged in and you want to use the same account again.

Yeah, this is what I meant.
Forcing the user to assign one finger to each account would hurt accessibility. I think the best would be what I (and Jörg Hermsdorf) suggested: allow user to assign the same finger to several accounts and, on kdm, tell him to select or type an account name and password or just swipe a finger. Kdm would recognize the users assigned to that finger. If there's only 1, would just log him in. Having more than 1 account assigned to that finger, prompt the accounts to user to select the one he wants to use. Having none, display an error message about it.

I don't see a conflict between the two options (ask for a username or not when you swipe a finger). You can configure your kdm to behave either way. Just like I have the option to automatically log in a specific user, but I choose not to enable it.

ThinkFinger is already integrated with PAM. On load, KDM should automatically select/enter the name of the previously used user name. The fingerprint reader should be used to authenticate that user. Other names could be selected from a list, then still authenticate with the fingerprint reader. The KDE Wallet and Screensaver should both use the fingerprint reader to authenticate the current user.

You might think that, but it's not true based on my experience. In fact, letting KDM load at boot for me would often crash Thinkfinger's PAM in such a way that it wouldn't work for anything else after. KDE Wallet and Screensaver have never recognized any input from the reader, even if it was working to authenticate other things like sudo from a term.

There must be support for multiple fingers any of which can be used to authenticate a specific user (like windows btw). This allows a simple solution to deal with injury - like cut finger ... or bandaged hand etc. Not sure if this is thinkfinger's job or kdm or pam?

I'd have to say this is KDM's realm of responsibility. Thinkfinger exists now as a PAM module, and since KDM is supposed to support PAM for authentication, this is a bug in KDM.
I agree with Comment 28, however I also feel that Kdesktoplock also needs to support this feature. Since currently attempting to use it crashes kdesktoplock forcing users to kill the process, which if you have VT switching disabled, is kind of impossible.

I think that this is a bug in kdm since thinkfinger provides the pam module. Needs to be fixed ASAP. I do not like Gnome, and have always used KDE. The initial comment: "kdm & kdesktop_lock provide a plugin interface that allows supporting (almost?) arbitrary authentication methods. it's pretty obvious that kdm simply can't provide a frontend for every pam module out there; they have to be shipped with the modules themselves. guess how it works on windows." was incredibly ignorant, and is designed to turn users away from KDE. What needs fixing here is kdm, not thinkfinger.

Is this bug going ignored? Or is it just that the Devs don't give a Sh*t? Either way, I'm considering switching to GDM so that Thinkfinger 0.3 doesn't crash it. (I'm stuck on Thinkfinger 0.2 which causes the reader to get warm because KDM crashes with 0.3) Either way, I mainly use it for sudo inside Yakuake.

I'm sure that if you supply them with a patch they will include it. You don't get anywhere by offending people who are doing voluntary work. Alternatively, if you don't have the coding skills and it's important for you, you can put up a bounty on launchpad.net. Like 100$, then maybe someone will see the bug and become interested. https://launchpad.net/ubuntu/+bounties

//Pascal

Ryan Neufeld wrote: [bugs.kde.org quoted mail]

perhaps my phrasing was a little harsh. It just seems to me that an issue like this should be addressed quickly as should be a quick fix. This bug was posted two years ago(2005), and only in the last year (2007) has it received any attention. I am merely wondering if I should consider what others have done and make the switch to GDM or XDM so that this feature can be supported, or if I should just be patient.

gdm is nice.
It lacks a few of kdm's features, but the change is worthwhile for the fingerprint support. They'll fix it eventually, but why wait?

Is anyone actually working on this? I would like to get this working and have decided to see what I can do to get everything working for my tablet here. Just e-mail me if you're working on it, so maybe we could work together to get this going.

*** Bug 153583 has been marked as a duplicate of this bug. ***

I have KDE login now working for my KDE session using this project. http://www.reactivated.net/fprint/wiki/Pam_fprint

What is status of this highly popular wish?

Just another user who switched to GDM because of the lack of this feature in KDM. Please...

May I remind that security experts tell us that working with fingerprints is bad security? My vote for closing as WONTFIX as there is no BADIDEA. This recent related event might be interesting: http://www.heise-online.co.uk/news/CCC-publishes-fingerprints-of-German-Home-Secretary--/110427

That's very poor practice, to enforce policies upon users by restricting their choices. The sysadmin/security manager of a certain system is the one who decides which authentication method is suitable or not for the specific case and user.

Security is always a trade-off. The convenience of using a fingerprint outweighs the security implications in some cases. There may be valid reasons for dismissing it (such as that it should be handled outside of KDM), but security is not one of them IMO. Should KDM also require all users to use strong passwords with letters, numbers, and special characters because short passwords are weak? Should KDM's autologin support be removed since autologin is not secure? Fingerprint authentication is a good middle ground between no password and a secure password. It may be crackable, but realistically it's enough to secure a login manager in many situations.

fingerprint is definitely useful. Not providing it will result in using gdm instead.
I have a demo desktop with some demo users. During an exposition, it's harassing to type a password while using finger print IS the way to go. Closing bug for security reason is the silliest thing I've ever seen so far. compared to autologin it's ... a nonsense?

I have a tablet computer and when you are in tablet mode it is very annoying to just change it to laptop mode to enter your password. while in Windows (or probably in gdm) you don't need keyboard and you can continue in Tablet mode. I think Finger Print Authentication is a "Must" for Tablet Computers.

Hmm what's next? KDE deletes the stored passwords of firefox, as saving passwords is not secure? I guess most people know that a fingerprint is not *that* secure but do you know those little notebook locks (Kensington for example)? With the right tools these locks are a joke. But they are good enough for a library, when you walk away and have your notebook tied to the desk... maybe someone with a huge wire-cutter would raise some suspicion. And maybe I want a quick fingerprint authentication in this setting... You know as a user who knows what he wants? The Network manager *can* store passwords in simple textfiles! OMG, what a huge security breach compared to fingerprint login... Maybe someone can make a fake fingerprint but this might take about 40 min of work (as said by the CCC). I guess it is much less effort to simply steal the harddrive (2 screws on most laptops). So maybe you should re-consider your "You users are so awfully silly and I know what you actually want so much better" - attitude. Display a warning box if someone wants to register his fingerprints and if the user still wants it then I guess the user should. I always thought Linux was about freedom of choice, but this attitude here ruins KDE's image... at least for me. It's just plain disgusting.

That's exactly what I mean too!
When I enter the password in the train - it much more insecure than a fingerprint which no one can steal by looking what i am typing! So we need support for this feature!

Simply, I as many other want to be KDM functional with fingerprint. It is secure enough for me. If I need better security, then my valuable data are crypted by TrueCrypt. Important is find balance between security and comfort. I think that is no problem make any option if user want use password or fingerprint or for better security both. For me question is not if login by fingerprint yes or no, but how do it reliable a secure enough.

Actually the question for me is, when will this actually be available. It's not like it is impossible, GDM has it. KDE is supposed to allow great customization compared to Gnome so I am surprised this has not been available for as long as this. I think it's obvious from the replies that enough people do want this feature and have given enough arguments to support it.

Thanks,
Dhaval

corwin78 <michal.breskovec@gmail.com> wrote: [bugs.kde.org quoted mail]

-------

>Simply, I as many other want to be KDM functional with fingerprint. It is secure enough for me. If I need better security, then my valuable data are crypted by TrueCrypt.
>
>Important is find balance between security and comfort. I think that is no problem make any option if user want use password or fingerprint or for better security both.
>
>For me question is not if login by fingerprint yes or no, but how do it reliable a secure enough.

I'm puzzled by two things in the strong rejection of fingerprint support in KDM. First - if it's good enough for airport security, it should be good enough for a home computer. In a growing number of European countries, fingerprints are now used in conjunction with the check-in procedure. Second, remember that if one has physical access to the computer over time, nothing is safe regardless of security measurements, except for full harddisk encryption.
For the vast majority of home users, username/password combos are just used to keep email, bookmarks and general settings separate from different family members, and the alternative to a fingerprint is a bad password. Second - since when did KDE adopt Gnome's stance of "the users are stupid, so we'll dumb down the user interface"? And at the same time KDE allows password-less login.. Third - this refusal should've been an april's fools joke...

On Tuesday 01 April 2008 22:44:08 Andrew Yates wrote: [bugs.kde.org quoted mail]

Yes. A trade off made by the system admin when it comes to authentication methods.

> fingerprint outweighs the security implications in some cases. There may be
> valid reasons for dismissing it (such as that it should be handled outside
> of KDM), but security is not one of them IMO.

Precisely. KDM should support whatever pam does. Authentication is PAM's problem, not KDM's. I thought linux design was modular. Since when did the designers of KDE start adopting windows' bad habits ??

>
> Should KDM also require all users to use strong passwords with letters,
> numbers, and special characters because short passwords are weak? Should
> KDM's autologin support be removed since autologin is not secure?

These are questions for pam, not kdm.

>
> Fingerprint authentication is a good middle ground between no password and
> a secure password. It may be crackable, but realistically it's enough to
> secure a login manager in many situations.

See above.

On Tuesday 01 April 2008 21:07:49 Sebastian Pipping wrote: [bugs.kde.org quoted mail]

With all due respect, that is stuff and nonsense. If fingerprint logins were such a horribly bad idea, why would pam allow it ? Wouldn't that be the place to pose these questions, given that linux is supposed to be modular in design ? Today, it is authentication, tomorrow certain "geniuses" could be arguing that KDE should not be supporting mounting FAT32 volumes (or take your pick).
This smells more and more like "KDM is broken internally and cannot be fully compatible with pam, but we can't really tell the users that, so let us float this canard.".

I fully agree. - same procedure as every year - see my comment #8 (2007-06-05)

Would be cool to use fingerprint to identify account and password to login. without the correct fingerprint, no way to select the correct login name..........

The completely irrelevant comments and insults against KDE attached to this bug have long since become annoying. If you do not have a patch that provides functionality, information on why KDM crashes thinkfinger, etc, then please do NOT comment here. If you've an opinion or great use case add it to your personal blog instead or take it to a discussion mailing list--it does NOT belong on Bugzilla. If you are interested in fingerprint reader support for KDM, please vote for the bug, or better yet offer a cash bounty (e.g. through Ubuntu https://launchpad.net/ubuntu/+bounties).

Wow this has raised a lot of reaction. I could add my response to the "fingerprint is insecure", but many did and good arguments have been raised. As comment #38 suggested, KDM _DO_ works with PAM. It's just that it may be broken with thinkfinger. The last time I tried, using thinkfinger with KDM crashed it. I'm now using fprint (see http://www.reactivated.net/fprint/wiki/Main_Page ) and I can use my fingerprint reader to login into KDM/KDE. Install libfprint and fprint_demo, save your fingerprint using fprint_demo, and set up correctly pam (see http://reactivated.net/fprint/wiki/Pam_fprint#Configuring_PAM ) for the authentication method you want to use (su, sudo, login, etc.) To login into KDM, simply select/enter your username, then press enter without any password. A popup will appear asking you to identify using yourself with your fingerprint (or with the one from a cut fingers... :P ). You still need to press "Enter" after swiping your finger, but it does work well.
KDM never crashed on me with fprint. fprint is even more verbose than thinkfinger. So all in all, KDM already works with fingerprint readers! No need for flame wars on the security model of fingerprint readers ;) Regards

Sorry for fueling this discussion with my previous, shortsighted post.

Don't worry Sebastian, at least it's showed how many people are keen on the issue (including myself). I'll give a try to the alternative above and see if it works for me too. I suppose I should uninstall thinkfinger and try to reverse the edits to the pam config (hope I remember what I did).

I don't think you need to uninstall thinkfinger. You do need to change the pam configuration though. Look here for more details: http://reactivated.net/fprint/wiki/Pam_fprint#Configuring_PAM Here is where I have the fprint pam modules. Note that each one is always the first line in the file.

    > grep -i fprint /etc/pam.d/*
    /etc/pam.d/gnome-screensaver:auth sufficient pam_fprint.so
    /etc/pam.d/kde:auth sufficient pam_fprint.so
    /etc/pam.d/login:auth sufficient pam_fprint.so
    /etc/pam.d/su:auth sufficient pam_fprint.so
    /etc/pam.d/sudo:auth sufficient pam_fprint.so
    /etc/pam.d/xscreensaver:auth sufficient pam_fprint.so

Does fprint work with other kde apps, say kdesu or kde screensaver?

Under Debian (Lenny + some Sid), I just installed libpam-fprint and fprint-demo. I then used fprint_demo to register my fingers (one is enough). I then altered /etc/pam.d/common-auth to contain just this now :

    auth sufficient pam_fprint.so
    auth required pam_unix.so nullok_secure

And now I can authenticate to KDE with my finger (kdesktop_lock works too). The tip is to press enter without a password. There are too much "Enter"s to do in my opinion, but it works. Regards, OdyX

kdesu is bad.
I suggest using KdeSudo, which uses sudo and works well with fprint: http://www.kde-apps.org/content/show.php/KdeSudo?content=72106 Because it uses sudo, you can configure your /etc/sudoers : "KDE's normal KdeSu doesn't deal correctly with sudo, and is only capable of authentication. It doesn't deal with sudo specific features like NOPASSWD and so on."

"Other kde apps" should work IF they work with pam... As somebody said here, PAM takes care of authentication. thinkfinger wasn't stable, so it did not work well with KDE. But fprint is more stable, so it does not crash KDM (or anything else). KDM does not have to support fingerprint auth., it just needs to support PAM (which it does). It must be stable enough not to crash though. As #61, there is too much "enter" to press. But this is an issue with PAM and its interaction with programs. It does work. What could be done in KDM is maybe a better integration with fingerprint readers. For example, a message telling to press enter _without_ a password to authenticate with fingerprint...

yeah, combining fingerprint + username + password sounds good :) (see #54)

is anybody working on it nowadays? perhaps we could steal some code from the new, rewritten gdm?

Hmm still no progress here? For me the most annoying thing is that I have to kill the krunner_lock manually.

Hello, I'm going to buy after new year Notebook with fingerprint reader. I hope in good support in KDM. Thanks :-) (I added few votes ;-) )

It does work well for me. I can login through KDM. Basically I select my username (or type it, or last selected), press login (or enter) without putting a password (leave it blank). Then fprint will ask you to swipe your finger and press ok. That's it ;)

Through what software stack, Nicolas?

You mean what to manage the finger print reader? I'm using fprint: http://reactivated.net/fprint/wiki/Main_Page and its PAM module: http://reactivated.net/fprint/wiki/Pam_fprint Is that what you meant?
I hope it works with opensuse 11.1: https://bugzilla.novell.com/show_bug.cgi?id=441144

#66: How did you get pam_fprint to comfortably still offer passwords as an option? Whenever I tried, it'd show the fingerprint dialog even if you entered a password and, if I set it up for console, it'd only ask for a password if the fingerprint failed too many times. (I preferred the pam_thinkfinger-style prompt, but thinkfinger 0.2.x makes the scanner run hot, 0.3.x crashes KDM, and development on thinkfinger has ceased in favor of fprint)

Guys, this is not a forum, please stop discussing workarounds here. The bug is open and some work needs to be done.

are there any moves on towards implementing this feature as in gdm and resolve this bug (wish request) ?

Some additional useful information can be found here: http://fedoraproject.org/wiki/Features/Fingerprint

May I know the status of this bug? Is there anyone who fixed it already ? any patches available ?

fwiw, this is closely related to bug 105631. read comment 24.

http://blog.djaara.net/wordpress/2009/ http://blog.djaara.net/wordpress/2009/04/30/fingerprint-login-in-kdm-video/

I filed bug 201628 a few days ago (before I saw this one). It is a wish request for Solid to add support for fingerprint devices. The bug I filed isn't specifically concerned with KDM, but rather with general support (to be used in e.g. kwallet). I'm not sure if it should be considered a dupe of this. Just letting y'all know...

There is some work to integrate fingerprint management module and kgreeter plugin. See this: http://lists-archives.org/kde-devel/22554-fingerprint-management-module-and-kgreeter-plugin.html But I do not know if it will make it for kde 4.4 .

http://reactivated.net/fprint/wiki/Main_Page Has already support for fingerprint scanning.. I was using it years ago.. It works using the PAM.. I think this should be closed as an issue here..
with opensuse 11.2 and kde 4.3.4 kdm seems to support fingerprint reader, but when I activate fingerprint scan for login in YaST the kdm login page looks weird. Is this a known bug?

(In reply to comment #80)
> with opensuse 11.2 and kde 4.3.4 kdm seems to support fingerprint reader, but
> when I activate fingerprint scan for login in YaST the kdm login page looks
> weird. Is this a known bug?

You are right. I tried in suse 11.2 and it works. Theme is corrupted, but this is suse problem I believe.

Does kdesu support fingerprints? Gnome su supports it.

I think kdesu "supports" is through su. su works with pam_fprint on my machine. But kdesu does not show anything if it is waiting for finger swipe, you need to guess the machine is waiting for the swipe...

+1 to having a single swipe that then asks which user you want only if that fingerprint is assigned to more than one. Usability, simplicity and flexibility all in one solution.

Ok i found this upstream project in kde svn, you might want to take a look at this http://blog.djaara.net/wordpress/2009/10/16/kfingermanager-and-kdmfprintplugin-in-kde-svn/

This enhancement is much more critical than others... or even more than real bugs. Nowadays fingerprint readers are being a standard.

So impatient... this bug is less than 5 years old !

Does linux have enough PAM modules to have support for most finger print readers? Because if we don't, half compatibility seems like a bad idea (half the people on IRC tells you it should work and the other half tells you that it never worked for them, and none of them have read the non-existent docs)

@87: I suspect what most people want is support for libfprint and pam_fprint. http://reactivated.net/fprint/wiki/Supported_devices At the moment, their website claims they have a shortage of skilled developers to convert USB sniff logs into drivers, but it also claims that the last notable update was in 2008 and that libfprint is at v0.0.6.
Given that libfprint is at v0.3.0 and their mailing list seems reasonably healthy for a small project, I assume they've been forgetting to update at least parts of their website... which means even more devices than on that list may be supported. (eg. One recent conversation I saw via GMANE involved a developer soliciting testers for a new driver backend)

I think in modern days, PAM handling is done through libfprint which acts as a wrapper.

For those who care, there is a new release of libfprint

v0.3.0 is available at:
http://people.freedesktop.org/~hadess/libfprint-0.3.0.tar.bz2

2010-09-08: v0.3.0 release
* Add support for UPEK TCS4C (USB ID 147e:1000)
* Use NSS instead of OpenSSL for GPL compliance
* upeksonly driver bug fixes
* Fix a crash if a scan was shorter than 8 lines
* Fix compilation with C++ compiler

Cheers

Who is leading the dev now hasn't updated or cannot update the project page.

(In reply to comment #90)
> For those who care, there is a new release of libfprint
>
> v0.3.0 is available at:
> http://people.freedesktop.org/~hadess/libfprint-0.3.0.tar.bz2
>
> 2010-09-08: v0.3.0 release
> * Add support for UPEK TCS4C (USB ID 147e:1000)
> * Use NSS instead of OpenSSL for GPL compliance
> * upeksonly driver bug fixes
> * Fix a crash if a scan was shorter than 8 lines
> * Fix compilation with C++ compiler
>
> Cheers
>
> Who is leading the dev now hasn't updated or cannot update the project page.

Those are great news for me (I have UPEK TCS4C). Anyway, are you referring to http://reactivated.net/fprint (last update on 4th of October 2009) ?

Yes, Take a look at maillist http://lists.reactivated.net/pipermail/fprint/ It is still an active project.

Soon (only one year) this bug report will have its 10 years birthday.

Fwiw, KDM was deprecated in favor of SDDM for the Plasma5/Frameworks era, so I think this can be closed now and/or moved to SDDM (which sadly is on github)

Based on comment #94, I have added this issue to the SDDM project on github.
For the record purposes and for others to follow, here's a link to the sddm issue: https://github.com/sddm/sddm/issues/284 Cheers

Hope it can be fixed before its 10 years birthday.

KDM is now deprecated and in maintenance-only mode, there will be no new features added. We've moved to SDDM as our primary and mainly supported login manager. See comment #96 for following the issue there.

+1 pls add fingerprint reader and login support as a default, integrated option on KDE!

(In reply to rik from comment #99)
> +1 pls add fingerprint reader and login support as a default, integrated
> option on KDE!

Does not 2fa (OTP) cue work as well? I tried once and only received prompt for OTP in terminal but not in the login screen(sddm)
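
The PAM stacks quoted in the thread put `auth sufficient pam_fprint.so` first, so a successful swipe ends authentication on its own, for `su` and `sudo` as well as for the login manager. The following is an added example, not code from the thread, KDM or fprint: a small auditor that parses PAM auth stacks and reports where the fingerprint module alone grants access, where it is combined with a password, and where `pam_unix.so` accepts empty passwords. The sample file contents are constructed from the lines quoted in the thread, and the finding names and severity labels are this example's own.

```python
"""Added example: audit PAM auth stacks for fingerprint-only login paths."""
from dataclasses import dataclass, field

FINGERPRINT_MODULES = ("pam_fprint.so",)  # module named in the thread
PRIVILEGED_SERVICES = ("su", "sudo")      # a successful auth here yields root
BINDING = ("required", "requisite")       # controls whose failure fails the stack
MAX_INCLUDE_DEPTH = 8                     # guard against include loops


@dataclass
class AuthRule:
    control: str
    module: str
    args: list = field(default_factory=list)


def parse_auth_stack(name, files, depth=0):
    """Return the ordered auth rules of files[name], expanding includes."""
    rules = []
    text = files.get(name, "").replace("\\\n", " ")  # join continued lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()         # drop comments
        if not fields:
            continue
        if fields[0] == "@include":                   # Debian-style include
            if len(fields) > 1 and depth < MAX_INCLUDE_DEPTH:
                rules += parse_auth_stack(fields[1], files, depth + 1)
            continue
        if fields[0].lstrip("-") != "auth" or len(fields) < 3:
            continue                                  # account/session/password
        if fields[1].startswith("["):                 # e.g. [success=1 default=ignore]
            end = next((i for i in range(1, len(fields))
                        if fields[i].endswith("]")), None)
            if end is None or end + 1 >= len(fields):
                continue
            control, rest = " ".join(fields[1:end + 1]), fields[end + 1:]
        else:
            control, rest = fields[1], fields[2:]
        if control in ("include", "substack"):
            if depth < MAX_INCLUDE_DEPTH:
                rules += parse_auth_stack(rest[0], files, depth + 1)
            continue
        rules.append(AuthRule(control, rest[0].rsplit("/", 1)[-1], rest[1:]))
    return rules


def audit_service(service, files):
    """Return (service, finding, severity) tuples for one PAM service."""
    rules = parse_auth_stack(service, files)
    password_bound = any(r.module == "pam_unix.so" and r.control in BINDING
                         for r in rules)
    findings = []
    for i, rule in enumerate(rules):
        if rule.module in FINGERPRINT_MODULES:
            # "sufficient" ends the stack on success unless an earlier
            # required/requisite module failed, so a password check placed
            # before it still has to pass.
            gated = any(p.module == "pam_unix.so" and p.control in BINDING
                        for p in rules[:i])
            if rule.control == "sufficient" and not gated:
                severity = "high" if service in PRIVILEGED_SERVICES else "medium"
                findings.append((service, "FINGERPRINT_ALONE", severity))
            elif rule.control in BINDING and password_bound:
                findings.append((service, "FINGERPRINT_AND_PASSWORD", "info"))
        if rule.module == "pam_unix.so" and {"nullok", "nullok_secure"} & set(rule.args):
            findings.append((service, "EMPTY_PASSWORD_ACCEPTED", "medium"))
    return findings


# Constructed sample: file name -> contents. "common-auth" is the two-line
# Debian stack quoted in the thread; the other files are assumptions built
# around the grep output shown there.
SAMPLE_FILES = {
    "common-auth": "auth sufficient pam_fprint.so\n"
                   "auth required pam_unix.so nullok_secure\n",
    "kde": "# display manager\n@include common-auth\n",
    "sudo": "auth sufficient pam_fprint.so\n"
            "auth required pam_unix.so\n"
            "session required pam_limits.so\n",
    "sudo-both-factors": "auth required pam_fprint.so\n"
                         "auth required pam_unix.so\n",
    "su-password-first": "auth required pam_unix.so\n"
                         "auth sufficient pam_fprint.so\n",
}

if __name__ == "__main__":
    for svc in ("kde", "sudo", "sudo-both-factors", "su-password-first"):
        print(svc, audit_service(svc, SAMPLE_FILES))
```

To audit a real host, build the `files` mapping from the contents of `/etc/pam.d/` and call `audit_service` once per service name.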