Laptop fingerprint readers and linux - Linux

This is a discussion on Laptop fingerprint readers and linux - Linux ; Many new laptops have a fingerprint reader where you can just 'swipe' your finger of the pad and presto... you're logged in. Wow. What a freakin mess. With Windows this "just works" out of the box. With linux, it's worse ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 32

Thread: Laptop fingerprint readers and linux

  1. Laptop fingerprint readers and linux

    Many new laptops have a fingerprint reader where you can just 'swipe' your
    finger of the pad and presto... you're logged in.

    Wow. What a freakin mess. With Windows this "just works" out of the box.
    With linux, it's worse than a nightmare. I'd say that most "geeks" have
    little to no chance of getting this to work. Normal people... fuhget bout
    it.


    http://www.thinkwiki.org/wiki/How_to...erprint_reader


    This page describes the process of getting the integrated fingerprint
    reader to work under Linux, using bioapi and binary-only drivers. It is
    based on experiences in Ubuntu on a T43. The same works on Fedora Core 4
    and 5, RHEL4, SuSE 9.3, SuSE 10, and Gentoo. Note that experimental
    open-source driver is available, see the apropriate page for details.


    Basic installation
    Installing the bioapi framework
    Automated installation script
    The Script for enabling the fingerprint reader automates the installation
    of most components (bioapi framework, driver, pam_bioapi, pam setup, device
    permissions, pamtester and enrolling), for some Linux distributions.

    Binary packages
    Note that these packages only take care of this one section. If you can use
    one, you should do so and then proceed to the section entitled, Installing
    and Configuring the Driver.

    Debian/ Ubuntu Dapper
    a.. If you're using Debian Sid (the unstable branch) or Ubuntu Dapper
    Drake 6.06 LTS you can try the packages from Michael R. Crusoe's site,
    either version 1.2.3 (recommended) or older versions which might not work
    with the steps in this howto.
    Hint:
    Ignore the warning about not finding /usr/lib/libqtpwbsp.so, it's not
    fatal.
    Gentoo
    Gentoo now includes needed ebuilds. Just run

    ACCEPT_KEYWORDS=~x86 emerge pam_bioapi

    You can also grab the ebuild, or use the source-install procedure below.

    Also see http://toe.ch/~tsa/ibm-fingerprint/ for alternative documentation
    on installing on Gentoo including ebuilds for all the packages used.

    Fedora Core
    RPM packages for Fedora Core and installation instructions are available
    here

    Installing from source
    Hint:
    For ubuntu (Gutsy) you'll need at least the: build-essential automake
    packages, or building will fail.

    a.. Get the bioapi source:
    $ wget http://bioapi-linux.googlecode.com/f...i_1.2.3.tar.gz
    a.. I could not compile bioapi with the graphical Qt tools. To do it
    manually, do the following:
    $ tar xzf bioapi_1.2.3.tar.gz
    $ cd bioapi-1.2.3
    $ ./configure --with-Qt-dir=no
    $ make
    and then as root
    # make install
    If make install fails, be sure you're root and then:
    # export LD_LIBRARY_PATH=/usr/local/lib
    # make install
    and if you want to compile pam_bioapi for auth later
    # cp include/bioapi_util.h include/installdefs.h
    imports/cdsa/v2_0/inc/cssmtype.h /usr/include
    Be aware that checkinstall will not work!
    (I got through configure with Qt, but got a cryptic build error. It all
    worked fine with Qt disabled as above)
    buzz: This is due to a wrong qt include path, set it manually in
    configure and everything should work.
    sbarre: I got it to work by doing the following quick hack :
    ->in the configure script, line 25975, there is clearly a bug (specify a
    directory instead of a library), thus I replaced the
    '-l$bnv_qt_lib_dir' with a '-L$bnv_qt_lib_dir'

    -> At the same lines, the $LIBS suffers from a misconstruction (I
    obtained a -l without anything after, which causes an error from gcc). I
    think the problems comes from the design of the script : if we do something
    like $LIBS=$LIBS -l$something. We MUST be sure that $something is defined.
    Since I have no time to fully debug it, I completely replaced the line
    25975 with the libraries that worked for my system (probably quite current
    in fact) :
    bnv_qt_LIBS="-L$bnv_qt_lib_dir -lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt
    -lXi"
    -> This should make configure to work. Then, when typing 'make', the
    configure script is regenerated, thus you should also update the m4 script
    that is responsible for those problems : in file m4/bnv_have_qt.m4, change
    line 106 with :
    QT_LIBS="-lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt -lXi"
    a.. Bioapi (at least version 1.2.2) doesn't compile with GCC4. You need
    to patch it:
    b.. This is neccessary to compile on SUSE 10.1 which it using gcc version
    4.1.0.
    $ wget http://upir.cz/linux/patches/bioapi-1.2.2-gcc4.patch
    $ patch -p1 < bioapi-1.2.2-gcc4.patch
    a.. Patch for gcc 4.1 is available here -
    http://cvs.pld-linux.org/cgi-bin/cvs....patch?rev=1.3
    b.. By default, bioapi will install numerous files in
    /usr/local/{bin,lib,include}, including files with "self-explanatory" names
    such as /usr/local/bin/Sample. To prevent this pollution:
    Create a dedicated directory, for example /opt/bioapi .
    Append --prefix=/opt/bioapi to the above ./configure command.
    Append /opt/bioapi/bin to $PATH and /opt/bioapi/lib to $LD_LIBRARY_PATH.
    When installing the driver (below), tell it the new install path: # sh
    install.sh /opt/bioapi/lib
    Adjusting ldconfigs library search path
    At least on Fedora Core or Aurox Linux 11, you may need to add
    /usr/local/lib to the library path so that the libraries referenced from
    pam_bioapi.so get picked up properly. The usual way to do this is adding it
    to the ldconfig configuration:

    # echo '/usr/local/lib' > /etc/ld.so.conf.d/bioapi.conf
    # ldconfig
    Alternatively you can add it to the LD_LIBRARY variable.

    If you see bioapi libs in the output of

    # ldconfig -p
    then it should work.

    Installing and configuring the driver
    Installing the driver
    a.. Download TFMESS_BSP_LIN_1.0.zip from the UPEK support site and unzip
    it into a seperate folder, as it will not create one.
    b.. Change to that folder and do as root:
    # sh install.sh
    If you're running Gentoo, Debian or Ubuntu Dapper, use
    # sh install.sh /usr/lib
    Hint:
    For me it didn't work this way, but following did:

    sh install.sh /usr/local/lib
    greetings, tec

    Hint:
    On my debian install I had to "cp libtfmessbsp.so /usr/lib" to avoid a
    errormessage during "sh install.sh /usr/lib": "Could not find
    file:/usr/lib/libtfmessbsp.so"
    If that fails, it may be that make install failed up above -- try setting
    LD_LIBRARY_PATH, do the make install again, and come back here and try this
    again. You also need mod_install from bioapi in your PATH.
    May there still occures and error, which means mod_install: command not
    found.
    Then login as root - not su!
    Do this:
    # sh install.sh
    again. It should work. SU to root does not work since then the
    /usr/local/bin directory is not used per default.
    Configuring permissions for non-root use
    If you want to use PAM-aware applications like xscreensaver that are NOT
    running with root permissions (as opposed to login, gdm or other
    authentication mechanisms), you may need to do all or at least some of the
    things in this section. More details on what is necessary on which
    distributions would be greately appreciated.

    a.. Create two groups, one for access to BioAPI files and the other for
    access to the usb files. (This is done for full generality; i.e., you may
    have other USB devices which you want accessable to other users, without
    exposing your BioAPI configuration to them). Add your normal user (the one
    you wish to use PAM-aware applications with) to both of these groups.
    On Debian this is done with

    # addgroup --system bioapi
    # addgroup --system usbfs
    # adduser yournormaluser bioapi
    # adduser yournormaluser usbfs
    On SUSE this is done with

    # groupadd --system bioapi
    # groupadd --system usbfs
    # groupmod -A yournormaluser bioapi
    # groupmod -A yournormaluser usbfs
    On Mandriva this is done with

    # groupadd -r bioapi
    # groupadd -r usbfs
    # usermod -G bioapi,usbfs yournormaluser
    On Fedora Core this is done with

    # groupadd bioapi
    # groupadd usbfs
    # usermod -G bioapi,usbfs yournormaluser
    (where yournormaluser is your normal user name). You will need to log out
    and log back in for this to take effect.
    a.. Set permissions on the BioAPI config/registry directory:
    # chown -R root:bioapi /usr/local/var/bioapi/
    # chmod -R 770 /usr/local/var/bioapi/
    (change this path if you used an alternate BioAPI install directory
    above)
    a.. Set permissions on the files in /proc/bus/usb:
    # chown -R root:usbfs /proc/bus/usb
    # chmod -R g+X /proc/bus/usb
    # chown root:usbfs /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\
    \(.*\)\ Device\ \(.*\):\ .*/\1\/\2/p"`
    # chmod 660 /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\ \(.*\)\
    Device\ \(.*\):\ .*/\1\/\2/p"`
    You may need to replace lsusb with its full path, which is something like
    /sbin/lsusb or /usr/bin/lsusb depending on your distro. It might be
    necessary to put these lines into a script which is run at startup and
    resume from suspend/hibernate.
    In Fedora Core lsusb is not installed by default. To intall it just type:

    # yum install usbutils
    a.. As an alternative to the chown/chmod commands above, you can set
    mount options for usbfs with a line in /etc/fstab; an example would be
    none /proc/bus/usb usbfs
    defaults,devgid=108,devmode=0660,busgid=108,busmod e=0770,listgid=108,listmode=0660
    0 0
    where 108 is replaced with the numerical group ID of the usbfs group (you
    can determine this with something like cat /etc/group | grep usbfs |
    cut -d':' -f 3). Make sure you only have one /proc/bus/usb entry in
    /etc/fstab. See the mount(8) manpage for more information on these options.
    This is "cleaner" but seems to have a few weird issues -- see the talk page
    for details.
    a.. You may also have files in /dev/bus/usb, which the driver will try
    before /proc/bus/usb. If this is another usbfs mount point (mount shows a
    line containing /dev/bus/usb type usbfs), then simply follow the above
    instructions with /dev/bus/usb rather than /proc/bus/usb. Otherwise, you
    may be running a new kernel (i.e. 2.6.15) that makes usbfs-like files
    available through /dev/bus/usb.
    b.. On systems running udev these files are dynamically created; you can
    configure their permissions by editing a udev config file. On Debian this
    is done by changing the usb_device line of /etc/udev/permissions.rules to
    read
    SUBSYSTEM=="usb_device", MODE="0660", GROUP="usbfs"
    a.. For the beta versions only, there is a logfile, which needs to exist
    with the proper permissions:
    # touch /var/log/BSP.log && chown root:bioapi /var/log/BSP.log && chmod
    660 /var/log/BSP.log
    Miscellaneous configuration
    a.. To increase the security level (minimize false accept rate), set this
    in /etc/tfmessbsp.cfg:
    security-level="5"
    ATTENTION!
    Please see discussion section Security Level!
    Testing the driver and enrolling a fingerprint
    To test the driver and generate the file containing your fingerprint
    information, you need a sample program included with the driver. The
    compilation steps below were discovered by trial and error; if they don't
    work for you, try the binary Sample utility that came with the beta
    versions of the driver (i.e., TFMESS_BSP_LIN_1.0beta2.zip as mentioned
    above). Go to the folder where you extracted TFMESS_BSP_LIN_1.0.zip and do:

    # cd NonGUI_Sample
    Edit main.c and remove (or comment out) the line
    #include "port/bioapi_port.h"
    then add the line
    #include
    # gcc -o Sample main.c -L/usr/local/lib -lbioapi100 -DUNIX -DLITTLE_ENDIAN
    # ./Sample
    Note that Sample may only run as root, unless you've already configured
    the usbfs file permissions.
    You can try to "e"nroll (to record a fingerprint for an account) and then
    "v"erify (to test a fingerprint against the one it expects for an account).
    You'll save a step later if you use your own login username as the
    username to enroll here.
    If running ./Sample produces the error message 'BioAPI_ModuleLoad failed,
    BioAPI Error Code: 6477 (0x194d)'
    then uncommenting the line
    //BioAPI_SetGUICallbacks(gModuleHandle, NULL, NULL,TextGuiCallback,
    NULL);
    in main.c can help.
    Login via pam_bioapi
    The following explains how to add fingerprint authentiation to programs
    that use the PAM (Pluggable Authentication Modules) framework, such as
    Gnome's GDM and KDE's KDM and screensaver.

    Getting required libs & tools
    Installing pam_bioapi
    a.. Prerequisites
    On SuSE 10, I needed to install the pam-devel RPM
    In general, you will need pam itself (standard for most distros) as well
    as the pam development files (probably an optional package for your
    distro).
    a.. Get and compile the pam_bioapi module.
    Hint:
    A new version, pam_bioapi 0.3.0, with multi-finger and identification
    support can be found here.
    There's work in progress. pam_bioapi and biometrics-manager can be
    downloaded here.

    $ wget
    http://www.qrivy.net/~michael/blua/p...latest.tar.bz2
    $ tar xjf pam_bioapi-latest.tar.bz2
    $ cd pam_bioapi-0.2.1
    $ wget http://badcode.de/downloads/fingerprint.patch
    $ patch -p0 < fingerprint.patch
    If you want to, review the patch. In general you should review all code
    you download and compile, if possible.
    $ ./configure --libdir=/lib && make
    and as root
    # make install
    NOTE!
    If you get a 'rpl_malloc' error in /var/log/auth.log when trying to use the
    fingerprint reader, redo these steps and remove the related term from
    Makefile after running ./configure. (FC3, Debian etch)
    a.. If you get 'configure: error: cannot find required header:
    security/_pam_macros.h' and are on a Debian-like system, do "apt-get
    install libpam0g-dev" and try again. If you are using a Mandriva
    distribution, do "urpmi libpam0-devel" instead.
    b.. If you get 'configure: error: cannot find required header:
    security/pam_modules.h' and are on a Debian-like system, do "apt-get
    install libpam0g-dev" and try again.
    c.. If you get 'configure: error: cannot find required header: sqlite3.h'
    and are on a Debian-like system, do "apt-get install libsqlite3-dev" and
    try again.
    d.. If you get 'make: msgfmt: command not found' and are on a Debian-like
    system, do "apt-get install gettext" and try again.
    e.. If you get 'PAM [dlerror: /lib/security/pam_bioapi.so: undefined
    symbol: BioAPIMemoryFuncs]' error in your syslog, replace 'LIBS = ' line in
    libpam_bioapi/makefile with the following (of course, replace /opt/bioapi/
    with the path where you installed bioapi):
    LIBS = -L/opt/bioapi/lib -lbioapi100 -lbioapi_mds300 -lmds_util
    a.. Use the sample tool from the fingerprint reader to create
    .bir ( must be the username you want to login with. gdm
    will probably break for any login name that has no .bir file).
    b.. As root do:
    # SERIAL=`BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*:
    \(.\{9\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.*\)/\1-\2-\3-\4-\5/gp}"`
    # echo $SERIAL should print something like
    {5550454b-2054-464d-2f45-535320425350} now.
    If it does, do:
    # mkdir -p /etc/bioapi/pam/$SERIAL
    # cp .bir /etc/bioapi/pam/$SERIAL
    If not, you might just try
    # SERIAL={5550454b-2054-464d-2f45-535320425350}
    as this value is hardcoded into the UPEK docs.
    Configuring pam
    The following part is distribution specific. On Ubuntu or SUSE you can
    modify /etc/pam.d/common-auth (on Gentoo and Fedora Core it is
    /etc/pam.d/system-auth) to look like this:

    #
    # /etc/pam.d/common-auth - authentication settings common to all services
    #
    # This file is included from other service-specific PAM config files,
    # and should contain a list of the authentication modules that define
    # the central authentication scheme for use on the system
    # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
    # traditional Unix authentication mechanisms.
    #
    auth sufficient pam_bioapi.so
    {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    password sufficient pam_bioapi.so
    {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    auth required pam_unix.so nullok_secure




    --------------------------------------------------------------------------------

    For Gentoo-Users - this allows you to attempt a password first. If you
    simply press enter, it then prompts for a fingerprints. Create a file named
    /etc/pam.d/bioapi. This also means that remote services, such as SSH keep
    working:

    auth required pam_env.so
    auth sufficient pam_unix.so likeauth nullok
    auth sufficient pam_bioapi.so
    {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    auth required pam_deny.so

    account required pam_unix.so

    session required pam_limits.so
    session required pam_unix.so

    --------------------------------------------------------------------------------

    Now, simply replace "auth include system-auth" in all services that you
    wish to use fingerprint for with "auth include bioapi". For example,
    /etc/pam.d/kde by default contains

    auth include system-auth
    auth required pam_nologin.so

    account include system-auth

    password include system-auth

    session include system-auth
    Simply replace the first "system-auth" with bioapi and you can also get rid
    of KDE desktop lock with a fingerprint. If you do not wish to allow for
    "password fallback" then remove

    auth sufficient pam_unix.so likeauth nullok
    from /etc/pam.d/bioapi.

    ATTENTION!
    If su/sudo expects to receive the root password (SuSE 10), you need to have
    fingerprint settings for root (that is, copy in a root.bir as well as a
    your-username.bir). Otherwise, they get a segmentation fault. Which is a
    little unfortunate, given that you need to su or sudo to change your
    settings...
    ATTENTION!
    Not only SuSE 10 requires root.bir to be available for su to work. Just
    make sure you have root.bir when su is not working with your fingerprint
    reader but other applications are...
    Note that sshd may pick up the fingerprint settings from
    /etc/pam.d/common-auth. I didn't want that, so I removed the "auth include
    common-auth" line from /etc/pam.d/sshd and replaced it with the lines that
    were originally in my /etc/pam.d/common-auth. That way most local services
    use the fingerprint reader, but sshd does not.

    NOTE!
    su/sudo will call for your fingerprint even if you are remote via ssh.
    Pressing *CTLR-c* (or closing graphic window) will allow you the desired
    password option.
    Another way to do this is to create a file (/etc/pam.d/bioapi for example)
    which contains the pam_bioapi.so lines, and explicitly @include this before
    /etc/pam.d/common-auth in the files for services which should use the
    fingerprint reader. In this case you should leave /etc/pam.d/common-auth
    alone.

    NOTE!
    This was discovered through trial and success, if it is plain wrong,
    wikorrect it, please.
    In Fedora Core the original 'session' terms in /etc/pam.d/system-auth need
    to be kept.

    Hint:
    The setup described above will/could affect remote ssh logins to also use
    biometric logins, which is a bit silly (who wants to remote ssh to the
    laptop, and then have to walk over to it and swipe your finger)
    To avoid that you can copy the default /etc/pam.d/system-auth to
    /etc/pam.d/sshd which will allow the sshd service to use the standard
    authentication procedure.




    --------------------------------------------------------------------------------

    To enable normal password authorization to work with remote SSH in SUSE
    10.3, edit the /etc/pam.d/sshd file. Remove all entries and replace them
    with:

    auth required pam_env.so
    auth required pam_unix2.so
    auth required pam_nologin.so
    account required pam_unix2.so
    password required pam_pwcheck.so nullok
    password required pam_unix2.so nullok use_first_pass use_authtok
    session required pam_limits.so
    session required pam_unix2.so
    NOTE!
    These entries are what common-auth normally does. Since we've changed
    common-auth around for bioapi, these need to be specified manually. -Ransak

    --------------------------------------------------------------------------------

    You can do some useful testing with pamtester, which calls the pam modules
    as if it were a program of your choice. Examples:

    # pamtester xdm yourusername authenticate
    $ pamtester xscreensaver yourusername authenticate
    where yourusername is your username. Note that pamtester should run as root
    if and only if the program in question does.

    Application support
    The implementation of fingerprint scanning support in the relevant
    applications varies.

    Here is the behaviour of the most common ones:

    a.. In gdm enter your username and there should pop up an (ugly) image to
    swipe your finger and... magic - you can login without a password.
    b.. kdm doesn't give any visual indication, other than that the cursor
    stops blinking. Just swipe your finger and hope it lets you log in.
    c.. In xdm, enter your username and a blank password, then swipe (there
    is no popup as well). Identification support for xdm can be achieved with
    this patch.
    d.. The KDE screen saver in SUSE 10 requires you to enter an empty
    password (or select the correct user and then enter an empty password) in
    order to get the fingerprint prompt.
    e.. For Fedora users, the redhat-config tools will crash if no root.bir
    presents. Also, there won't be any visual idication unless X server is
    properly configured for root to access. Just swipe your finger when the HDD
    stopped blinking or issue the following command in advance:
    $ xhost +local:
    a.. For RHEL4 users gdm, console (virtual terminal) logins and the
    xscreensaver all work
    kdm support
    To add graphical popup to kdm, you need following:

    a.. Patch for pam_bioapi. This patch adds third parameter to
    pam_bioapi.so module, which is a name of file with additional environment
    variables that will be supplied to the UPEK driver.
    # wget http://upir.cz/linux/patches/pam_bio...-environ.patch
    # patch -p1 < pam_bioapi-0.2.1-alter-environ.patch
    a.. Edit your Xsetup file (on SUSE 10 it's /etc/X11/xdm/Xsetup) and add
    these lines:
    echo "XAUTHORITY=$XAUTHORITY" > /var/lib/xdm/kdm_env
    echo "DISPLAY=$DISPLAY" >> /var/lib/xdm/kdm_env
    a.. In /etc/pam.d/xdm file, add /var/lib/xdm/kdm_env as a third parameter
    for pam_bioapi.so module:
    auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    /etc/bioapi/pam/ /var/lib/xdm/kdm_env
    a.. On Ubuntu simply do:
    echo "DISPLAY=$DISPLAY" >> /var/lib/kdm/kdm_env
    a.. If you have created /etc/pam.d/bioapi then modify:
    auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    /etc/bioapi/pam/ /var/lib/kdm/kdm_env

    Please note, that this won't work if you have more than one Xserver.

    Make xscreensaver use the scanner
    If you are using Gentoo, you can get a portage overlay with the necessary
    patches here:
    http://www.zzamboni.org/brt/files/xs...overlay.tar.gz

    a.. Get the needed xscreensaver sources:
    $ wget http://www.jwz.org/xscreensaver/xscr...er-4.23.tar.gz
    $ tar xzf xscreensaver-4.23.tar.gz
    $ cd xscreensaver-4.23
    $ wget
    http://www.nax.cz/pub/bioapi/2005/xs...ativeAuth.diff
    mirror: http://zepan.org/files/xscreensaver-...ativeAuth.diff
    For xscreensaver 5.00, you can get a patch here:
    http://www.zzamboni.org/brt/files/xs...tiveauth.patch
    a.. After reviewing the patch (it's small and straightforward), do
    $ patch -p1 < xscreensaver-4.22_alternativeAuth.diff
    The patch prevents xscreensaver from opening an authentification window
    and dispatches the authentification request to another program, in our case
    pam and pam_bioapi. It should apply with some offset, don't mind that. If
    it says something about rejected though, then there's a problem.
    a.. Compile with
    $ ./configure --with-pam && make

    a.. If you receive an error like "Couldn't find X11 headers/libs" and are
    running a Debian-like system, try "apt-get install xlibs-dev"
    b.. If you receive an error like "undefined reference to
    `XmuPrintDefaultErrorMessage'" then install the libxmu-dev package and run
    the previous line again and then install as root with
    $ su -c make install .
    a.. Make sure that the newly compiled xscreensaver is used:
    $ which xscreensaver should return
    /usr/local/bin/xscreensaver .
    a.. In case it doesn't, try adjusting your PATH.
    Common problems
    Bioapi error #3
    This is sometimes caused by improper permissions. The full error message is
    "BioAPI Error Code: 3 (0x3)".

    However, at least on Gentoo, recent upgrades to glibc and gcc 4.1.1 caused
    Bioapi to break down due to some sort of incompatibility with bioapi
    registry. Reinstalling does not repair the issue automatically. However,
    you can still fix the issue manually, by removing /var/bioapi. You need to
    reinstall tfm-fingerprint driver after reinstalling bioapi so that the
    driver is properly re-registered. As root, type

    # emerge -C bioapi
    # rm -rf /var/bioapi
    # emerge -av1 bioapi tfm-fingerprint
    Retrieved from
    "http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader"


    ** Posted from http://www.teranews.com **

  2. Re: Laptop fingerprint readers and linux

    On Tue, 6 May 2008 19:22:40 -0400, Ezekiel wrote:

    > Many new laptops have a fingerprint reader where you can just 'swipe' your
    > finger of the pad and presto... you're logged in.
    >
    > Wow. What a freakin mess. With Windows this "just works" out of the box.
    > With linux, it's worse than a nightmare. I'd say that most "geeks" have
    > little to no chance of getting this to work. Normal people... fuhget bout
    > it.
    >
    >
    > http://www.thinkwiki.org/wiki/How_to...erprint_reader
    >
    >
    > This page describes the process of getting the integrated fingerprint
    > reader to work under Linux, using bioapi and binary-only drivers. It is
    > based on experiences in Ubuntu on a T43. The same works on Fedora Core 4
    > and 5, RHEL4, SuSE 9.3, SuSE 10, and Gentoo. Note that experimental
    > open-source driver is available, see the apropriate page for details.
    >
    >
    > Basic installation
    > Installing the bioapi framework
    > Automated installation script
    > The Script for enabling the fingerprint reader automates the installation
    > of most components (bioapi framework, driver, pam_bioapi, pam setup, device
    > permissions, pamtester and enrolling), for some Linux distributions.
    >
    > Binary packages
    > Note that these packages only take care of this one section. If you can use
    > one, you should do so and then proceed to the section entitled, Installing
    > and Configuring the Driver.
    >
    > Debian/ Ubuntu Dapper
    > a.. If you're using Debian Sid (the unstable branch) or Ubuntu Dapper
    > Drake 6.06 LTS you can try the packages from Michael R. Crusoe's site,
    > either version 1.2.3 (recommended) or older versions which might not work
    > with the steps in this howto.
    > Hint:
    > Ignore the warning about not finding /usr/lib/libqtpwbsp.so, it's not
    > fatal.
    > Gentoo
    > Gentoo now includes needed ebuilds. Just run
    >
    > ACCEPT_KEYWORDS=~x86 emerge pam_bioapi
    >
    > You can also grab the ebuild, or use the source-install procedure below.
    >
    > Also see http://toe.ch/~tsa/ibm-fingerprint/ for alternative documentation
    > on installing on Gentoo including ebuilds for all the packages used.
    >
    > Fedora Core
    > RPM packages for Fedora Core and installation instructions are available
    > here
    >
    > Installing from source
    > Hint:
    > For ubuntu (Gutsy) you'll need at least the: build-essential automake
    > packages, or building will fail.
    >
    > a.. Get the bioapi source:
    > $ wget http://bioapi-linux.googlecode.com/f...i_1.2.3.tar.gz
    > a.. I could not compile bioapi with the graphical Qt tools. To do it
    > manually, do the following:
    > $ tar xzf bioapi_1.2.3.tar.gz
    > $ cd bioapi-1.2.3
    > $ ./configure --with-Qt-dir=no
    > $ make
    > and then as root
    > # make install
    > If make install fails, be sure you're root and then:
    > # export LD_LIBRARY_PATH=/usr/local/lib
    > # make install
    > and if you want to compile pam_bioapi for auth later
    > # cp include/bioapi_util.h include/installdefs.h
    > imports/cdsa/v2_0/inc/cssmtype.h /usr/include
    > Be aware that checkinstall will not work!
    > (I got through configure with Qt, but got a cryptic build error. It all
    > worked fine with Qt disabled as above)
    > buzz: This is due to a wrong qt include path, set it manually in
    > configure and everything should work.
    > sbarre: I got it to work by doing the following quick hack :
    > ->in the configure script, line 25975, there is clearly a bug (specify a
    > directory instead of a library), thus I replaced the
    > '-l$bnv_qt_lib_dir' with a '-L$bnv_qt_lib_dir'
    >
    > -> At the same lines, the $LIBS suffers from a misconstruction (I
    > obtained a -l without anything after, which causes an error from gcc). I
    > think the problems comes from the design of the script : if we do something
    > like $LIBS=$LIBS -l$something. We MUST be sure that $something is defined.
    > Since I have no time to fully debug it, I completely replaced the line
    > 25975 with the libraries that worked for my system (probably quite current
    > in fact) :
    > bnv_qt_LIBS="-L$bnv_qt_lib_dir -lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt
    > -lXi"
    > -> This should make configure to work. Then, when typing 'make', the
    > configure script is regenerated, thus you should also update the m4 script
    > that is responsible for those problems : in file m4/bnv_have_qt.m4, change
    > line 106 with :
    > QT_LIBS="-lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt -lXi"
    > a.. Bioapi (at least version 1.2.2) doesn't compile with GCC4. You need
    > to patch it:
    > b.. This is neccessary to compile on SUSE 10.1 which it using gcc version
    > 4.1.0.
    > $ wget http://upir.cz/linux/patches/bioapi-1.2.2-gcc4.patch
    > $ patch -p1 < bioapi-1.2.2-gcc4.patch
    > a.. Patch for gcc 4.1 is available here -
    > http://cvs.pld-linux.org/cgi-bin/cvs....patch?rev=1.3
    > b.. By default, bioapi will install numerous files in
    > /usr/local/{bin,lib,include}, including files with "self-explanatory" names
    > such as /usr/local/bin/Sample. To prevent this pollution:
    > Create a dedicated directory, for example /opt/bioapi .
    > Append --prefix=/opt/bioapi to the above ./configure command.
    > Append /opt/bioapi/bin to $PATH and /opt/bioapi/lib to $LD_LIBRARY_PATH.
    > When installing the driver (below), tell it the new install path: # sh
    > install.sh /opt/bioapi/lib
    > Adjusting ldconfigs library search path
    > At least on Fedora Core or Aurox Linux 11, you may need to add
    > /usr/local/lib to the library path so that the libraries referenced from
    > pam_bioapi.so get picked up properly. The usual way to do this is adding it
    > to the ldconfig configuration:
    >
    > # echo '/usr/local/lib' > /etc/ld.so.conf.d/bioapi.conf
    > # ldconfig
    > Alternatively you can add it to the LD_LIBRARY variable.
    >
    > If you see bioapi libs in the output of
    >
    > # ldconfig -p
    > then it should work.
    >
    > Installing and configuring the driver
    > Installing the driver
    > a.. Download TFMESS_BSP_LIN_1.0.zip from the UPEK support site and unzip
    > it into a seperate folder, as it will not create one.
    > b.. Change to that folder and do as root:
    > # sh install.sh
    > If you're running Gentoo, Debian or Ubuntu Dapper, use
    > # sh install.sh /usr/lib
    > Hint:
    > For me it didn't work this way, but following did:
    >
    > sh install.sh /usr/local/lib
    > greetings, tec
    >
    > Hint:
    > On my debian install I had to "cp libtfmessbsp.so /usr/lib" to avoid a
    > errormessage during "sh install.sh /usr/lib": "Could not find
    > file:/usr/lib/libtfmessbsp.so"
    > If that fails, it may be that make install failed up above -- try setting
    > LD_LIBRARY_PATH, do the make install again, and come back here and try this
    > again. You also need mod_install from bioapi in your PATH.
    > May there still occures and error, which means mod_install: command not
    > found.
    > Then login as root - not su!
    > Do this:
    > # sh install.sh
    > again. It should work. SU to root does not work since then the
    > /usr/local/bin directory is not used per default.
    > Configuring permissions for non-root use
    > If you want to use PAM-aware applications like xscreensaver that are NOT
    > running with root permissions (as opposed to login, gdm or other
    > authentication mechanisms), you may need to do all or at least some of the
    > things in this section. More details on what is necessary on which
    > distributions would be greately appreciated.
    >
    > a.. Create two groups, one for access to BioAPI files and the other for
    > access to the usb files. (This is done for full generality; i.e., you may
    > have other USB devices which you want accessable to other users, without
    > exposing your BioAPI configuration to them). Add your normal user (the one
    > you wish to use PAM-aware applications with) to both of these groups.
    > On Debian this is done with
    >
    > # addgroup --system bioapi
    > # addgroup --system usbfs
    > # adduser yournormaluser bioapi
    > # adduser yournormaluser usbfs
    > On SUSE this is done with
    >
    > # groupadd --system bioapi
    > # groupadd --system usbfs
    > # groupmod -A yournormaluser bioapi
    > # groupmod -A yournormaluser usbfs
    > On Mandriva this is done with
    >
    > # groupadd -r bioapi
    > # groupadd -r usbfs
    > # usermod -G bioapi,usbfs yournormaluser
    > On Fedora Core this is done with
    >
    > # groupadd bioapi
    > # groupadd usbfs
    > # usermod -G bioapi,usbfs yournormaluser
    > (where yournormaluser is your normal user name). You will need to log out
    > and log back in for this to take effect.
    > a.. Set permissions on the BioAPI config/registry directory:
    > # chown -R root:bioapi /usr/local/var/bioapi/
    > # chmod -R 770 /usr/local/var/bioapi/
    > (change this path if you used an alternate BioAPI install directory
    > above)
    > a.. Set permissions on the files in /proc/bus/usb:
    > # chown -R root:usbfs /proc/bus/usb
    > # chmod -R g+X /proc/bus/usb
    > # chown root:usbfs /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\
    > \(.*\)\ Device\ \(.*\):\ .*/\1\/\2/p"`
    > # chmod 660 /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\ \(.*\)\
    > Device\ \(.*\):\ .*/\1\/\2/p"`
    > You may need to replace lsusb with its full path, which is something like
    > /sbin/lsusb or /usr/bin/lsusb depending on your distro. It might be
    > necessary to put these lines into a script which is run at startup and
    > resume from suspend/hibernate.
    > In Fedora Core lsusb is not installed by default. To intall it just type:
    >
    > # yum install usbutils
    > a.. As an alternative to the chown/chmod commands above, you can set
    > mount options for usbfs with a line in /etc/fstab; an example would be
    > none /proc/bus/usb usbfs
    > defaults,devgid=108,devmode=0660,busgid=108,busmod e=0770,listgid=108,listmode=0660
    > 0 0
    > where 108 is replaced with the numerical group ID of the usbfs group (you
    > can determine this with something like cat /etc/group | grep usbfs |
    > cut -d':' -f 3). Make sure you only have one /proc/bus/usb entry in
    > /etc/fstab. See the mount(8) manpage for more information on these options.
    > This is "cleaner" but seems to have a few weird issues -- see the talk page
    > for details.
    > a.. You may also have files in /dev/bus/usb, which the driver will try
    > before /proc/bus/usb. If this is another usbfs mount point (mount shows a
    > line containing /dev/bus/usb type usbfs), then simply follow the above
    > instructions with /dev/bus/usb rather than /proc/bus/usb. Otherwise, you
    > may be running a new kernel (i.e. 2.6.15) that makes usbfs-like files
    > available through /dev/bus/usb.
    > b.. On systems running udev these files are dynamically created; you can
    > configure their permissions by editing a udev config file. On Debian this
    > is done by changing the usb_device line of /etc/udev/permissions.rules to
    > read
    > SUBSYSTEM=="usb_device", MODE="0660", GROUP="usbfs"
    > a.. For the beta versions only, there is a logfile, which needs to exist
    > with the proper permissions:
    > # touch /var/log/BSP.log && chown root:bioapi /var/log/BSP.log && chmod
    > 660 /var/log/BSP.log
    > Miscellaneous configuration
    > a.. To increase the security level (minimize false accept rate), set this
    > in /etc/tfmessbsp.cfg:
    > security-level="5"
    > ATTENTION!
    > Please see discussion section Security Level!
    > Testing the driver and enrolling a fingerprint
    > To test the driver and generate the file containing your fingerprint
    > information, you need a sample program included with the driver. The
    > compilation steps below were discovered by trial and error; if they don't
    > work for you, try the binary Sample utility that came with the beta
    > versions of the driver (i.e., TFMESS_BSP_LIN_1.0beta2.zip as mentioned
    > above). Go to the folder where you extracted TFMESS_BSP_LIN_1.0.zip and do:
    >
    > # cd NonGUI_Sample
    > Edit main.c and remove (or comment out) the line
    > #include "port/bioapi_port.h"
    > then add the line
    > #include
    > # gcc -o Sample main.c -L/usr/local/lib -lbioapi100 -DUNIX -DLITTLE_ENDIAN
    > # ./Sample
    > Note that Sample may only run as root, unless you've already configured
    > the usbfs file permissions.
    > You can try to "e"nroll (to record a fingerprint for an account) and then
    > "v"erify (to test a fingerprint against the one it expects for an account).
    > You'll save a step later if you use your own login username as the
    > username to enroll here.
    > If running ./Sample produces the error message 'BioAPI_ModuleLoad failed,
    > BioAPI Error Code: 6477 (0x194d)'
    > then uncommenting the line
    > //BioAPI_SetGUICallbacks(gModuleHandle, NULL, NULL,TextGuiCallback,
    > NULL);
    > in main.c can help.
    > Login via pam_bioapi
    > The following explains how to add fingerprint authentiation to programs
    > that use the PAM (Pluggable Authentication Modules) framework, such as
    > Gnome's GDM and KDE's KDM and screensaver.
    >
    > Getting required libs & tools
    > Installing pam_bioapi
    > a.. Prerequisites
    > On SuSE 10, I needed to install the pam-devel RPM
    > In general, you will need pam itself (standard for most distros) as well
    > as the pam development files (probably an optional package for your
    > distro).
    > a.. Get and compile the pam_bioapi module.
    > Hint:
    > A new version, pam_bioapi 0.3.0, with multi-finger and identification
    > support can be found here.
    > There's work in progress. pam_bioapi and biometrics-manager can be
    > downloaded here.
    >
    > $ wget
    > http://www.qrivy.net/~michael/blua/p...latest.tar.bz2
    > $ tar xjf pam_bioapi-latest.tar.bz2
    > $ cd pam_bioapi-0.2.1
    > $ wget http://badcode.de/downloads/fingerprint.patch
    > $ patch -p0 < fingerprint.patch
    > If you want to, review the patch. In general you should review all code
    > you download and compile, if possible.
    > $ ./configure --libdir=/lib && make
    > and as root
    > # make install
    > NOTE!
    > If you get a 'rpl_malloc' error in /var/log/auth.log when trying to use the
    > fingerprint reader, redo these steps and remove the related term from
    > Makefile after running ./configure. (FC3, Debian etch)
    > a.. If you get 'configure: error: cannot find required header:
    > security/_pam_macros.h' and are on a Debian-like system, do "apt-get
    > install libpam0g-dev" and try again. If you are using a Mandriva
    > distribution, do "urpmi libpam0-devel" instead.
    > b.. If you get 'configure: error: cannot find required header:
    > security/pam_modules.h' and are on a Debian-like system, do "apt-get
    > install libpam0g-dev" and try again.
    > c.. If you get 'configure: error: cannot find required header: sqlite3.h'
    > and are on a Debian-like system, do "apt-get install libsqlite3-dev" and
    > try again.
    > d.. If you get 'make: msgfmt: command not found' and are on a Debian-like
    > system, do "apt-get install gettext" and try again.
    > e.. If you get 'PAM [dlerror: /lib/security/pam_bioapi.so: undefined
    > symbol: BioAPIMemoryFuncs]' error in your syslog, replace 'LIBS = ' line in
    > libpam_bioapi/makefile with the following (of course, replace /opt/bioapi/
    > with the path where you installed bioapi):
    > LIBS = -L/opt/bioapi/lib -lbioapi100 -lbioapi_mds300 -lmds_util
    > a.. Use the sample tool from the fingerprint reader to create
    > .bir ( must be the username you want to login with. gdm
    > will probably break for any login name that has no .bir file).
    > b.. As root do:
    > # SERIAL=`BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*:
    > \(.\{9\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.*\)/\1-\2-\3-\4-\5/gp}"`
    > # echo $SERIAL should print something like
    > {5550454b-2054-464d-2f45-535320425350} now.
    > If it does, do:
    > # mkdir -p /etc/bioapi/pam/$SERIAL
    > # cp .bir /etc/bioapi/pam/$SERIAL
    > If not, you might just try
    > # SERIAL={5550454b-2054-464d-2f45-535320425350}
    > as this value is hardcoded into the UPEK docs.
    > Configuring pam
    > The following part is distribution specific. On Ubuntu or SUSE you can
    > modify /etc/pam.d/common-auth (on Gentoo and Fedora Core it is
    > /etc/pam.d/system-auth) to look like this:
    >
    > #
    > # /etc/pam.d/common-auth - authentication settings common to all services
    > #
    > # This file is included from other service-specific PAM config files,
    > # and should contain a list of the authentication modules that define
    > # the central authentication scheme for use on the system
    > # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
    > # traditional Unix authentication mechanisms.
    > #
    > auth sufficient pam_bioapi.so
    > {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    > password sufficient pam_bioapi.so
    > {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    > auth required pam_unix.so nullok_secure
    >
    >
    >
    >
    > --------------------------------------------------------------------------------
    >
    > For Gentoo-Users - this allows you to attempt a password first. If you
    > simply press enter, it then prompts for a fingerprints. Create a file named
    > /etc/pam.d/bioapi. This also means that remote services, such as SSH keep
    > working:
    >
    > auth required pam_env.so
    > auth sufficient pam_unix.so likeauth nullok
    > auth sufficient pam_bioapi.so
    > {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    > auth required pam_deny.so
    >
    > account required pam_unix.so
    >
    > session required pam_limits.so
    > session required pam_unix.so
    >
    > --------------------------------------------------------------------------------
    >
    > Now, simply replace "auth include system-auth" in all services that you
    > wish to use fingerprint for with "auth include bioapi". For example,
    > /etc/pam.d/kde by default contains
    >
    > auth include system-auth
    > auth required pam_nologin.so
    >
    > account include system-auth
    >
    > password include system-auth
    >
    > session include system-auth
    > Simply replace the first "system-auth" with bioapi and you can also get rid
    > of KDE desktop lock with a fingerprint. If you do not wish to allow for
    > "password fallback" then remove
    >
    > auth sufficient pam_unix.so likeauth nullok
    > from /etc/pam.d/bioapi.
    >
    > ATTENTION!
    > If su/sudo expects to receive the root password (SuSE 10), you need to have
    > fingerprint settings for root (that is, copy in a root.bir as well as a
    > your-username.bir). Otherwise, they get a segmentation fault. Which is a
    > little unfortunate, given that you need to su or sudo to change your
    > settings...
    > ATTENTION!
    > Not only SuSE 10 requires root.bir to be available for su to work. Just
    > make sure you have root.bir when su is not working with your fingerprint
    > reader but other applications are...
    > Note that sshd may pick up the fingerprint settings from
    > /etc/pam.d/common-auth. I didn't want that, so I removed the "auth include
    > common-auth" line from /etc/pam.d/sshd and replaced it with the lines that
    > were originally in my /etc/pam.d/common-auth. That way most local services
    > use the fingerprint reader, but sshd does not.
    >
    > NOTE!
    > su/sudo will call for your fingerprint even if you are remote via ssh.
    > Pressing *CTLR-c* (or closing graphic window) will allow you the desired
    > password option.
    > Another way to do this is to create a file (/etc/pam.d/bioapi for example)
    > which contains the pam_bioapi.so lines, and explicitly @include this before
    > /etc/pam.d/common-auth in the files for services which should use the
    > fingerprint reader. In this case you should leave /etc/pam.d/common-auth
    > alone.
    >
    > NOTE!
    > This was discovered through trial and success, if it is plain wrong,
    > wikorrect it, please.
    > In Fedora Core the original 'session' terms in /etc/pam.d/system-auth need
    > to be kept.
    >
    > Hint:
    > The setup described above will/could affect remote ssh logins to also use
    > biometric logins, which is a bit silly (who wants to remote ssh to the
    > laptop, and then have to walk over to it and swipe your finger)
    > To avoid that you can copy the default /etc/pam.d/system-auth to
    > /etc/pam.d/sshd which will allow the sshd service to use the standard
    > authentication procedure.
    >
    >
    >
    >
    > --------------------------------------------------------------------------------
    >
    > To enable normal password authorization to work with remote SSH in SUSE
    > 10.3, edit the /etc/pam.d/sshd file. Remove all entries and replace them
    > with:
    >
    > auth required pam_env.so
    > auth required pam_unix2.so
    > auth required pam_nologin.so
    > account required pam_unix2.so
    > password required pam_pwcheck.so nullok
    > password required pam_unix2.so nullok use_first_pass use_authtok
    > session required pam_limits.so
    > session required pam_unix2.so
    > NOTE!
    > These entries are what common-auth normally does. Since we've changed
    > common-auth around for bioapi, these need to be specified manually. -Ransak
    >
    > --------------------------------------------------------------------------------
    >
    > You can do some useful testing with pamtester, which calls the pam modules
    > as if it were a program of your choice. Examples:
    >
    > # pamtester xdm yourusername authenticate
    > $ pamtester xscreensaver yourusername authenticate
    > where yourusername is your username. Note that pamtester should run as root
    > if and only if the program in question does.
    >
    > Application support
    > The implementation of fingerprint scanning support in the relevant
    > applications varies.
    >
    > Here is the behaviour of the most common ones:
    >
    > a.. In gdm enter your username and there should pop up an (ugly) image to
    > swipe your finger and... magic - you can login without a password.
    > b.. kdm doesn't give any visual indication, other than that the cursor
    > stops blinking. Just swipe your finger and hope it lets you log in.
    > c.. In xdm, enter your username and a blank password, then swipe (there
    > is no popup as well). Identification support for xdm can be achieved with
    > this patch.
    > d.. The KDE screen saver in SUSE 10 requires you to enter an empty
    > password (or select the correct user and then enter an empty password) in
    > order to get the fingerprint prompt.
    > e.. For Fedora users, the redhat-config tools will crash if no root.bir
    > presents. Also, there won't be any visual idication unless X server is
    > properly configured for root to access. Just swipe your finger when the HDD
    > stopped blinking or issue the following command in advance:
    > $ xhost +local:
    > a.. For RHEL4 users gdm, console (virtual terminal) logins and the
    > xscreensaver all work
    > kdm support
    > To add graphical popup to kdm, you need following:
    >
    > a.. Patch for pam_bioapi. This patch adds third parameter to
    > pam_bioapi.so module, which is a name of file with additional environment
    > variables that will be supplied to the UPEK driver.
    > # wget http://upir.cz/linux/patches/pam_bio...-environ.patch
    > # patch -p1 < pam_bioapi-0.2.1-alter-environ.patch
    > a.. Edit your Xsetup file (on SUSE 10 it's /etc/X11/xdm/Xsetup) and add
    > these lines:
    > echo "XAUTHORITY=$XAUTHORITY" > /var/lib/xdm/kdm_env
    > echo "DISPLAY=$DISPLAY" >> /var/lib/xdm/kdm_env
    > a.. In /etc/pam.d/xdm file, add /var/lib/xdm/kdm_env as a third parameter
    > for pam_bioapi.so module:
    > auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    > /etc/bioapi/pam/ /var/lib/xdm/kdm_env
    > a.. On Ubuntu simply do:
    > echo "DISPLAY=$DISPLAY" >> /var/lib/kdm/kdm_env
    > a.. If you have created /etc/pam.d/bioapi then modify:
    > auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    > /etc/bioapi/pam/ /var/lib/kdm/kdm_env
    >
    > Please note, that this won't work if you have more than one Xserver.
    >
    > Make xscreensaver use the scanner
    > If you are using Gentoo, you can get a portage overlay with the necessary
    > patches here:
    > http://www.zzamboni.org/brt/files/xs...overlay.tar.gz
    >
    > a.. Get the needed xscreensaver sources:
    > $ wget http://www.jwz.org/xscreensaver/xscr...er-4.23.tar.gz
    > $ tar xzf xscreensaver-4.23.tar.gz
    > $ cd xscreensaver-4.23
    > $ wget
    > http://www.nax.cz/pub/bioapi/2005/xs...ativeAuth.diff
    > mirror: http://zepan.org/files/xscreensaver-...ativeAuth.diff
    > For xscreensaver 5.00, you can get a patch here:
    > http://www.zzamboni.org/brt/files/xs...tiveauth.patch
    > a.. After reviewing the patch (it's small and straightforward), do
    > $ patch -p1 < xscreensaver-4.22_alternativeAuth.diff
    > The patch prevents xscreensaver from opening an authentification window
    > and dispatches the authentification request to another program, in our case
    > pam and pam_bioapi. It should apply with some offset, don't mind that. If
    > it says something about rejected though, then there's a problem.
    > a.. Compile with
    > $ ./configure --with-pam && make
    >
    > a.. If you receive an error like "Couldn't find X11 headers/libs" and are
    > running a Debian-like system, try "apt-get install xlibs-dev"
    > b.. If you receive an error like "undefined reference to
    > `XmuPrintDefaultErrorMessage'" then install the libxmu-dev package and run
    > the previous line again and then install as root with
    > $ su -c make install .
    > a.. Make sure that the newly compiled xscreensaver is used:
    > $ which xscreensaver should return
    > /usr/local/bin/xscreensaver .
    > a.. In case it doesn't, try adjusting your PATH.
    > Common problems
    > Bioapi error #3
    > This is sometimes caused by improper permissions. The full error message is
    > "BioAPI Error Code: 3 (0x3)".
    >
    > However, at least on Gentoo, recent upgrades to glibc and gcc 4.1.1 caused
    > Bioapi to break down due to some sort of incompatibility with bioapi
    > registry. Reinstalling does not repair the issue automatically. However,
    > you can still fix the issue manually, by removing /var/bioapi. You need to
    > reinstall tfm-fingerprint driver after reinstalling bioapi so that the
    > driver is properly re-registered. As root, type
    >
    > # emerge -C bioapi
    > # rm -rf /var/bioapi
    > # emerge -av1 bioapi tfm-fingerprint
    > Retrieved from
    > "http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader"
    >


    Ain't Linux wonderful????

    Face it, Linux can't even manage to fully utilize the power saving
    abilities of many current laptops, what chance does it have of working
    correctly out of the box with finger print readers?

    Linux, which has the uncanny ability to turn a 6 button laser mouse into a
    2 button basic mouse.

    Linux, free for the taking yet still sitting at 0.6 percent of desktop
    market share.

    Linux, it's free, when your time has no value.

    Poor Linux, it's all dressed up for prom night but still doesn't have a
    date.



    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  3. Re: Laptop fingerprint readers and linux

    Moshe Goldfarb is flatfish (in real life Gary Stewart)

    http://colatrolls.blogspot.com/2008/...arb-troll.html
    http://colatrolls.blogspot.com/2007/...ish-troll.html

    Traits:

    * Nym shifting (see below)
    * Self confessed thief and proud of it
    * Homophobic
    * Racist
    * Habitual liar
    * Frequently cross posts replies to other non-Linux related newsgroups
    * Frequently cross posts articles originally not posted to COLA

  4. Re: Laptop fingerprint readers and linux


    "Moshe Goldfarb" wrote in message
    news:1fzisepbk8i9u$.8m59bpvibd2h$.dlg@40tude.net.. .
    > On Tue, 6 May 2008 19:22:40 -0400, Ezekiel wrote:
    >
    >> Many new laptops have a fingerprint reader where you can just 'swipe'
    >> your
    >> finger of the pad and presto... you're logged in.
    >>
    >> Wow. What a freakin mess. With Windows this "just works" out of the box.
    >> With linux, it's worse than a nightmare. I'd say that most "geeks" have
    >> little to no chance of getting this to work. Normal people... fuhget
    >> bout
    >> it.
    >>
    >>
    >> http://www.thinkwiki.org/wiki/How_to...erprint_reader
    >>
    >>
    >> This page describes the process of getting the integrated
    >> fingerprint
    >> reader to work under Linux, using bioapi and binary-only drivers. It is
    >> based on experiences in Ubuntu on a T43. The same works on Fedora Core 4
    >> and 5, RHEL4, SuSE 9.3, SuSE 10, and Gentoo. Note that experimental
    >> open-source driver is available, see the apropriate page for details.
    >>
    >>
    >> Basic installation
    >> Installing the bioapi framework
    >> Automated installation script
    >> The Script for enabling the fingerprint reader automates the
    >> installation
    >> of most components (bioapi framework, driver, pam_bioapi, pam setup,
    >> device
    >> permissions, pamtester and enrolling), for some Linux distributions.
    >>
    >> Binary packages
    >> Note that these packages only take care of this one section. If you can
    >> use
    >> one, you should do so and then proceed to the section entitled,
    >> Installing
    >> and Configuring the Driver.
    >>
    >> Debian/ Ubuntu Dapper
    >> a.. If you're using Debian Sid (the unstable branch) or Ubuntu Dapper
    >> Drake 6.06 LTS you can try the packages from Michael R. Crusoe's site,
    >> either version 1.2.3 (recommended) or older versions which might not
    >> work
    >> with the steps in this howto.
    >> Hint:
    >> Ignore the warning about not finding /usr/lib/libqtpwbsp.so, it's not
    >> fatal.
    >> Gentoo
    >> Gentoo now includes needed ebuilds. Just run
    >>
    >> ACCEPT_KEYWORDS=~x86 emerge pam_bioapi
    >>
    >> You can also grab the ebuild, or use the source-install procedure below.
    >>
    >> Also see http://toe.ch/~tsa/ibm-fingerprint/ for alternative
    >> documentation
    >> on installing on Gentoo including ebuilds for all the packages used.
    >>
    >> Fedora Core
    >> RPM packages for Fedora Core and installation instructions are available
    >> here
    >>
    >> Installing from source
    >> Hint:
    >> For ubuntu (Gutsy) you'll need at least the: build-essential automake
    >> packages, or building will fail.
    >>
    >> a.. Get the bioapi source:
    >> $ wget http://bioapi-linux.googlecode.com/f...i_1.2.3.tar.gz
    >> a.. I could not compile bioapi with the graphical Qt tools. To do it
    >> manually, do the following:
    >> $ tar xzf bioapi_1.2.3.tar.gz
    >> $ cd bioapi-1.2.3
    >> $ ./configure --with-Qt-dir=no
    >> $ make
    >> and then as root
    >> # make install
    >> If make install fails, be sure you're root and then:
    >> # export LD_LIBRARY_PATH=/usr/local/lib
    >> # make install
    >> and if you want to compile pam_bioapi for auth later
    >> # cp include/bioapi_util.h include/installdefs.h
    >> imports/cdsa/v2_0/inc/cssmtype.h /usr/include
    >> Be aware that checkinstall will not work!
    >> (I got through configure with Qt, but got a cryptic build error. It
    >> all
    >> worked fine with Qt disabled as above)
    >> buzz: This is due to a wrong qt include path, set it manually in
    >> configure and everything should work.
    >> sbarre: I got it to work by doing the following quick hack :
    >> ->in the configure script, line 25975, there is clearly a bug (specify
    >> a
    >> directory instead of a library), thus I replaced the
    >> '-l$bnv_qt_lib_dir' with a '-L$bnv_qt_lib_dir'
    >>
    >> -> At the same lines, the $LIBS suffers from a misconstruction (I
    >> obtained a -l without anything after, which causes an error from gcc). I
    >> think the problems comes from the design of the script : if we do
    >> something
    >> like $LIBS=$LIBS -l$something. We MUST be sure that $something is
    >> defined.
    >> Since I have no time to fully debug it, I completely replaced the line
    >> 25975 with the libraries that worked for my system (probably quite
    >> current
    >> in fact) :
    >> bnv_qt_LIBS="-L$bnv_qt_lib_dir -lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt
    >> -lXi"
    >> -> This should make configure to work. Then, when typing 'make', the
    >> configure script is regenerated, thus you should also update the m4
    >> script
    >> that is responsible for those problems : in file m4/bnv_have_qt.m4,
    >> change
    >> line 106 with :
    >> QT_LIBS="-lqt-mt -lSM -lICE -lX11 -lXext -lXmu -lXt -lXi"
    >> a.. Bioapi (at least version 1.2.2) doesn't compile with GCC4. You
    >> need
    >> to patch it:
    >> b.. This is neccessary to compile on SUSE 10.1 which it using gcc
    >> version
    >> 4.1.0.
    >> $ wget http://upir.cz/linux/patches/bioapi-1.2.2-gcc4.patch
    >> $ patch -p1 < bioapi-1.2.2-gcc4.patch
    >> a.. Patch for gcc 4.1 is available here -
    >> http://cvs.pld-linux.org/cgi-bin/cvs....patch?rev=1.3
    >> b.. By default, bioapi will install numerous files in
    >> /usr/local/{bin,lib,include}, including files with "self-explanatory"
    >> names
    >> such as /usr/local/bin/Sample. To prevent this pollution:
    >> Create a dedicated directory, for example /opt/bioapi .
    >> Append --prefix=/opt/bioapi to the above ./configure command.
    >> Append /opt/bioapi/bin to $PATH and /opt/bioapi/lib to
    >> $LD_LIBRARY_PATH.
    >> When installing the driver (below), tell it the new install path: # sh
    >> install.sh /opt/bioapi/lib
    >> Adjusting ldconfigs library search path
    >> At least on Fedora Core or Aurox Linux 11, you may need to add
    >> /usr/local/lib to the library path so that the libraries referenced from
    >> pam_bioapi.so get picked up properly. The usual way to do this is adding
    >> it
    >> to the ldconfig configuration:
    >>
    >> # echo '/usr/local/lib' > /etc/ld.so.conf.d/bioapi.conf
    >> # ldconfig
    >> Alternatively you can add it to the LD_LIBRARY variable.
    >>
    >> If you see bioapi libs in the output of
    >>
    >> # ldconfig -p
    >> then it should work.
    >>
    >> Installing and configuring the driver
    >> Installing the driver
    >> a.. Download TFMESS_BSP_LIN_1.0.zip from the UPEK support site and
    >> unzip
    >> it into a seperate folder, as it will not create one.
    >> b.. Change to that folder and do as root:
    >> # sh install.sh
    >> If you're running Gentoo, Debian or Ubuntu Dapper, use
    >> # sh install.sh /usr/lib
    >> Hint:
    >> For me it didn't work this way, but following did:
    >>
    >> sh install.sh /usr/local/lib
    >> greetings, tec
    >>
    >> Hint:
    >> On my debian install I had to "cp libtfmessbsp.so /usr/lib" to avoid a
    >> errormessage during "sh install.sh /usr/lib": "Could not find
    >> file:/usr/lib/libtfmessbsp.so"
    >> If that fails, it may be that make install failed up above -- try
    >> setting
    >> LD_LIBRARY_PATH, do the make install again, and come back here and try
    >> this
    >> again. You also need mod_install from bioapi in your PATH.
    >> May there still occures and error, which means mod_install: command
    >> not
    >> found.
    >> Then login as root - not su!
    >> Do this:
    >> # sh install.sh
    >> again. It should work. SU to root does not work since then the
    >> /usr/local/bin directory is not used per default.
    >> Configuring permissions for non-root use
    >> If you want to use PAM-aware applications like xscreensaver that are NOT
    >> running with root permissions (as opposed to login, gdm or other
    >> authentication mechanisms), you may need to do all or at least some of
    >> the
    >> things in this section. More details on what is necessary on which
    >> distributions would be greately appreciated.
    >>
    >> a.. Create two groups, one for access to BioAPI files and the other
    >> for
    >> access to the usb files. (This is done for full generality; i.e., you
    >> may
    >> have other USB devices which you want accessable to other users, without
    >> exposing your BioAPI configuration to them). Add your normal user (the
    >> one
    >> you wish to use PAM-aware applications with) to both of these groups.
    >> On Debian this is done with
    >>
    >> # addgroup --system bioapi
    >> # addgroup --system usbfs
    >> # adduser yournormaluser bioapi
    >> # adduser yournormaluser usbfs
    >> On SUSE this is done with
    >>
    >> # groupadd --system bioapi
    >> # groupadd --system usbfs
    >> # groupmod -A yournormaluser bioapi
    >> # groupmod -A yournormaluser usbfs
    >> On Mandriva this is done with
    >>
    >> # groupadd -r bioapi
    >> # groupadd -r usbfs
    >> # usermod -G bioapi,usbfs yournormaluser
    >> On Fedora Core this is done with
    >>
    >> # groupadd bioapi
    >> # groupadd usbfs
    >> # usermod -G bioapi,usbfs yournormaluser
    >> (where yournormaluser is your normal user name). You will need to log
    >> out
    >> and log back in for this to take effect.
    >> a.. Set permissions on the BioAPI config/registry directory:
    >> # chown -R root:bioapi /usr/local/var/bioapi/
    >> # chmod -R 770 /usr/local/var/bioapi/
    >> (change this path if you used an alternate BioAPI install directory
    >> above)
    >> a.. Set permissions on the files in /proc/bus/usb:
    >> # chown -R root:usbfs /proc/bus/usb
    >> # chmod -R g+X /proc/bus/usb
    >> # chown root:usbfs /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\
    >> \(.*\)\ Device\ \(.*\):\ .*/\1\/\2/p"`
    >> # chmod 660 /proc/bus/usb/`lsusb | sed -ne "/0483:2016/s/Bus\ \(.*\)\
    >> Device\ \(.*\):\ .*/\1\/\2/p"`
    >> You may need to replace lsusb with its full path, which is something
    >> like
    >> /sbin/lsusb or /usr/bin/lsusb depending on your distro. It might be
    >> necessary to put these lines into a script which is run at startup and
    >> resume from suspend/hibernate.
    >> In Fedora Core lsusb is not installed by default. To intall it just
    >> type:
    >>
    >> # yum install usbutils
    >> a.. As an alternative to the chown/chmod commands above, you can set
    >> mount options for usbfs with a line in /etc/fstab; an example would be
    >> none /proc/bus/usb usbfs
    >> defaults,devgid=108,devmode=0660,busgid=108,busmod e=0770,listgid=108,listmode=0660
    >> 0 0
    >> where 108 is replaced with the numerical group ID of the usbfs group
    >> (you
    >> can determine this with something like cat /etc/group | grep usbfs |
    >> cut -d':' -f 3). Make sure you only have one /proc/bus/usb entry in
    >> /etc/fstab. See the mount(8) manpage for more information on these
    >> options.
    >> This is "cleaner" but seems to have a few weird issues -- see the talk
    >> page
    >> for details.
    >> a.. You may also have files in /dev/bus/usb, which the driver will try
    >> before /proc/bus/usb. If this is another usbfs mount point (mount shows
    >> a
    >> line containing /dev/bus/usb type usbfs), then simply follow the above
    >> instructions with /dev/bus/usb rather than /proc/bus/usb. Otherwise, you
    >> may be running a new kernel (i.e. 2.6.15) that makes usbfs-like files
    >> available through /dev/bus/usb.
    >> b.. On systems running udev these files are dynamically created; you
    >> can
    >> configure their permissions by editing a udev config file. On Debian
    >> this
    >> is done by changing the usb_device line of /etc/udev/permissions.rules
    >> to
    >> read
    >> SUBSYSTEM=="usb_device", MODE="0660", GROUP="usbfs"
    >> a.. For the beta versions only, there is a logfile, which needs to exist
    >> with the proper permissions:
    >> # touch /var/log/BSP.log && chown root:bioapi /var/log/BSP.log &&
    >> chmod
    >> 660 /var/log/BSP.log
    >> Miscellaneous configuration
    >> a.. To increase the security level (minimize false accept rate), set
    >> this
    >> in /etc/tfmessbsp.cfg:
    >> security-level="5"
    >> ATTENTION!
    >> Please see discussion section Security Level!
    >> Testing the driver and enrolling a fingerprint
    >> To test the driver and generate the file containing your fingerprint
    >> information, you need a sample program included with the driver. The
    >> compilation steps below were discovered by trial and error; if they
    >> don't
    >> work for you, try the binary Sample utility that came with the beta
    >> versions of the driver (i.e., TFMESS_BSP_LIN_1.0beta2.zip as mentioned
    >> above). Go to the folder where you extracted TFMESS_BSP_LIN_1.0.zip and
    >> do:
    >>
    >> # cd NonGUI_Sample
    >> Edit main.c and remove (or comment out) the line
    >> #include "port/bioapi_port.h"
    >> then add the line
    >> #include
    >> # gcc -o Sample
    >> main.c -L/usr/local/lib -lbioapi100 -DUNIX -DLITTLE_ENDIAN
    >> # ./Sample
    >> Note that Sample may only run as root, unless you've already
    >> configured
    >> the usbfs file permissions.
    >> You can try to "e"nroll (to record a fingerprint for an account) and
    >> then
    >> "v"erify (to test a fingerprint against the one it expects for an
    >> account).
    >> You'll save a step later if you use your own login username as the
    >> username to enroll here.
    >> If running ./Sample produces the error message 'BioAPI_ModuleLoad
    >> failed,
    >> BioAPI Error Code: 6477 (0x194d)'
    >> then uncommenting the line
    >> //BioAPI_SetGUICallbacks(gModuleHandle, NULL, NULL,TextGuiCallback,
    >> NULL);
    >> in main.c can help.
    >> Login via pam_bioapi
    >> The following explains how to add fingerprint authentiation to programs
    >> that use the PAM (Pluggable Authentication Modules) framework, such as
    >> Gnome's GDM and KDE's KDM and screensaver.
    >>
    >> Getting required libs & tools
    >> Installing pam_bioapi
    >> a.. Prerequisites
    >> On SuSE 10, I needed to install the pam-devel RPM
    >> In general, you will need pam itself (standard for most distros) as
    >> well
    >> as the pam development files (probably an optional package for your
    >> distro).
    >> a.. Get and compile the pam_bioapi module.
    >> Hint:
    >> A new version, pam_bioapi 0.3.0, with multi-finger and identification
    >> support can be found here.
    >> There's work in progress. pam_bioapi and biometrics-manager can be
    >> downloaded here.
    >>
    >> $ wget
    >> http://www.qrivy.net/~michael/blua/p...latest.tar.bz2
    >> $ tar xjf pam_bioapi-latest.tar.bz2
    >> $ cd pam_bioapi-0.2.1
    >> $ wget http://badcode.de/downloads/fingerprint.patch
    >> $ patch -p0 < fingerprint.patch
    >> If you want to, review the patch. In general you should review all
    >> code
    >> you download and compile, if possible.
    >> $ ./configure --libdir=/lib && make
    >> and as root
    >> # make install
    >> NOTE!
    >> If you get a 'rpl_malloc' error in /var/log/auth.log when trying to use
    >> the
    >> fingerprint reader, redo these steps and remove the related term from
    >> Makefile after running ./configure. (FC3, Debian etch)
    >> a.. If you get 'configure: error: cannot find required header:
    >> security/_pam_macros.h' and are on a Debian-like system, do "apt-get
    >> install libpam0g-dev" and try again. If you are using a Mandriva
    >> distribution, do "urpmi libpam0-devel" instead.
    >> b.. If you get 'configure: error: cannot find required header:
    >> security/pam_modules.h' and are on a Debian-like system, do "apt-get
    >> install libpam0g-dev" and try again.
    >> c.. If you get 'configure: error: cannot find required header:
    >> sqlite3.h'
    >> and are on a Debian-like system, do "apt-get install libsqlite3-dev" and
    >> try again.
    >> d.. If you get 'make: msgfmt: command not found' and are on a
    >> Debian-like
    >> system, do "apt-get install gettext" and try again.
    >> e.. If you get 'PAM [dlerror: /lib/security/pam_bioapi.so: undefined
    >> symbol: BioAPIMemoryFuncs]' error in your syslog, replace 'LIBS = ' line
    >> in
    >> libpam_bioapi/makefile with the following (of course, replace
    >> /opt/bioapi/
    >> with the path where you installed bioapi):
    >> LIBS = -L/opt/bioapi/lib -lbioapi100 -lbioapi_mds300 -lmds_util
    >> a.. Use the sample tool from the fingerprint reader to create
    >> .bir ( must be the username you want to login with.
    >> gdm
    >> will probably break for any login name that has no .bir file).
    >> b.. As root do:
    >> # SERIAL=`BioAPITest | sed -ne "/Fingerprint/{n;n;s/^.*:
    >> \(.\{9\}\)\(.\{4\}\)\(.\{4\}\)\(.\{4\}\)\(.*\)/\1-\2-\3-\4-\5/gp}"`
    >> # echo $SERIAL should print something like
    >> {5550454b-2054-464d-2f45-535320425350} now.
    >> If it does, do:
    >> # mkdir -p /etc/bioapi/pam/$SERIAL
    >> # cp .bir /etc/bioapi/pam/$SERIAL
    >> If not, you might just try
    >> # SERIAL={5550454b-2054-464d-2f45-535320425350}
    >> as this value is hardcoded into the UPEK docs.
    >> Configuring pam
    >> The following part is distribution specific. On Ubuntu or SUSE you can
    >> modify /etc/pam.d/common-auth (on Gentoo and Fedora Core it is
    >> /etc/pam.d/system-auth) to look like this:
    >>
    >> #
    >> # /etc/pam.d/common-auth - authentication settings common to all
    >> services
    >> #
    >> # This file is included from other service-specific PAM config files,
    >> # and should contain a list of the authentication modules that define
    >> # the central authentication scheme for use on the system
    >> # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
    >> # traditional Unix authentication mechanisms.
    >> #
    >> auth sufficient pam_bioapi.so
    >> {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    >> password sufficient pam_bioapi.so
    >> {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    >> auth required pam_unix.so nullok_secure
    >>
    >>
    >>
    >>
    >> --------------------------------------------------------------------------------
    >>
    >> For Gentoo-Users - this allows you to attempt a password first. If you
    >> simply press enter, it then prompts for a fingerprints. Create a file
    >> named
    >> /etc/pam.d/bioapi. This also means that remote services, such as SSH
    >> keep
    >> working:
    >>
    >> auth required pam_env.so
    >> auth sufficient pam_unix.so likeauth nullok
    >> auth sufficient pam_bioapi.so
    >> {5550454b-2054-464d-2f45-535320425350} /etc/bioapi/pam/
    >> auth required pam_deny.so
    >>
    >> account required pam_unix.so
    >>
    >> session required pam_limits.so
    >> session required pam_unix.so
    >>
    >> --------------------------------------------------------------------------------
    >>
    >> Now, simply replace "auth include system-auth" in all services that you
    >> wish to use fingerprint for with "auth include bioapi". For example,
    >> /etc/pam.d/kde by default contains
    >>
    >> auth include system-auth
    >> auth required pam_nologin.so
    >>
    >> account include system-auth
    >>
    >> password include system-auth
    >>
    >> session include system-auth
    >> Simply replace the first "system-auth" with bioapi and you can also get
    >> rid
    >> of KDE desktop lock with a fingerprint. If you do not wish to allow for
    >> "password fallback" then remove
    >>
    >> auth sufficient pam_unix.so likeauth nullok
    >> from /etc/pam.d/bioapi.
    >>
    >> ATTENTION!
    >> If su/sudo expects to receive the root password (SuSE 10), you need to
    >> have
    >> fingerprint settings for root (that is, copy in a root.bir as well as a
    >> your-username.bir). Otherwise, they get a segmentation fault. Which is a
    >> little unfortunate, given that you need to su or sudo to change your
    >> settings...
    >> ATTENTION!
    >> Not only SuSE 10 requires root.bir to be available for su to work. Just
    >> make sure you have root.bir when su is not working with your fingerprint
    >> reader but other applications are...
    >> Note that sshd may pick up the fingerprint settings from
    >> /etc/pam.d/common-auth. I didn't want that, so I removed the "auth
    >> include
    >> common-auth" line from /etc/pam.d/sshd and replaced it with the lines
    >> that
    >> were originally in my /etc/pam.d/common-auth. That way most local
    >> services
    >> use the fingerprint reader, but sshd does not.
    >>
    >> NOTE!
    >> su/sudo will call for your fingerprint even if you are remote via ssh.
    >> Pressing *CTLR-c* (or closing graphic window) will allow you the desired
    >> password option.
    >> Another way to do this is to create a file (/etc/pam.d/bioapi for
    >> example)
    >> which contains the pam_bioapi.so lines, and explicitly @include this
    >> before
    >> /etc/pam.d/common-auth in the files for services which should use the
    >> fingerprint reader. In this case you should leave /etc/pam.d/common-auth
    >> alone.
    >>
    >> NOTE!
    >> This was discovered through trial and success, if it is plain wrong,
    >> wikorrect it, please.
    >> In Fedora Core the original 'session' terms in /etc/pam.d/system-auth
    >> need
    >> to be kept.
    >>
    >> Hint:
    >> The setup described above will/could affect remote ssh logins to also
    >> use
    >> biometric logins, which is a bit silly (who wants to remote ssh to the
    >> laptop, and then have to walk over to it and swipe your finger)
    >> To avoid that you can copy the default /etc/pam.d/system-auth to
    >> /etc/pam.d/sshd which will allow the sshd service to use the standard
    >> authentication procedure.
    >>
    >>
    >>
    >>
    >> --------------------------------------------------------------------------------
    >>
    >> To enable normal password authorization to work with remote SSH in SUSE
    >> 10.3, edit the /etc/pam.d/sshd file. Remove all entries and replace them
    >> with:
    >>
    >> auth required pam_env.so
    >> auth required pam_unix2.so
    >> auth required pam_nologin.so
    >> account required pam_unix2.so
    >> password required pam_pwcheck.so nullok
    >> password required pam_unix2.so nullok use_first_pass
    >> use_authtok
    >> session required pam_limits.so
    >> session required pam_unix2.so
    >> NOTE!
    >> These entries are what common-auth normally does. Since we've changed
    >> common-auth around for bioapi, these need to be specified
    >> manually. -Ransak
    >>
    >> --------------------------------------------------------------------------------
    >>
    >> You can do some useful testing with pamtester, which calls the pam
    >> modules
    >> as if it were a program of your choice. Examples:
    >>
    >> # pamtester xdm yourusername authenticate
    >> $ pamtester xscreensaver yourusername authenticate
    >> where yourusername is your username. Note that pamtester should run as
    >> root
    >> if and only if the program in question does.
    >>
    >> Application support
    >> The implementation of fingerprint scanning support in the relevant
    >> applications varies.
    >>
    >> Here is the behaviour of the most common ones:
    >>
    >> a.. In gdm enter your username and there should pop up an (ugly) image
    >> to
    >> swipe your finger and... magic - you can login without a password.
    >> b.. kdm doesn't give any visual indication, other than that the cursor
    >> stops blinking. Just swipe your finger and hope it lets you log in.
    >> c.. In xdm, enter your username and a blank password, then swipe
    >> (there
    >> is no popup as well). Identification support for xdm can be achieved
    >> with
    >> this patch.
    >> d.. The KDE screen saver in SUSE 10 requires you to enter an empty
    >> password (or select the correct user and then enter an empty password)
    >> in
    >> order to get the fingerprint prompt.
    >> e.. For Fedora users, the redhat-config tools will crash if no
    >> root.bir
    >> presents. Also, there won't be any visual idication unless X server is
    >> properly configured for root to access. Just swipe your finger when the
    >> HDD
    >> stopped blinking or issue the following command in advance:
    >> $ xhost +local:
    >> a.. For RHEL4 users gdm, console (virtual terminal) logins and the
    >> xscreensaver all work
    >> kdm support
    >> To add graphical popup to kdm, you need following:
    >>
    >> a.. Patch for pam_bioapi. This patch adds third parameter to
    >> pam_bioapi.so module, which is a name of file with additional
    >> environment
    >> variables that will be supplied to the UPEK driver.
    >> # wget
    >> http://upir.cz/linux/patches/pam_bio...-environ.patch
    >> # patch -p1 < pam_bioapi-0.2.1-alter-environ.patch
    >> a.. Edit your Xsetup file (on SUSE 10 it's /etc/X11/xdm/Xsetup) and
    >> add
    >> these lines:
    >> echo "XAUTHORITY=$XAUTHORITY" > /var/lib/xdm/kdm_env
    >> echo "DISPLAY=$DISPLAY" >> /var/lib/xdm/kdm_env
    >> a.. In /etc/pam.d/xdm file, add /var/lib/xdm/kdm_env as a third
    >> parameter
    >> for pam_bioapi.so module:
    >> auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    >> /etc/bioapi/pam/ /var/lib/xdm/kdm_env
    >> a.. On Ubuntu simply do:
    >> echo "DISPLAY=$DISPLAY" >> /var/lib/kdm/kdm_env
    >> a.. If you have created /etc/pam.d/bioapi then modify:
    >> auth sufficient pam_bioapi.so {5550454b-2054-464d-2f45-535320425350}
    >> /etc/bioapi/pam/ /var/lib/kdm/kdm_env
    >>
    >> Please note, that this won't work if you have more than one Xserver.
    >>
    >> Make xscreensaver use the scanner
    >> If you are using Gentoo, you can get a portage overlay with the
    >> necessary
    >> patches here:
    >> http://www.zzamboni.org/brt/files/xs...overlay.tar.gz
    >>
    >> a.. Get the needed xscreensaver sources:
    >> $ wget http://www.jwz.org/xscreensaver/xscr...er-4.23.tar.gz
    >> $ tar xzf xscreensaver-4.23.tar.gz
    >> $ cd xscreensaver-4.23
    >> $ wget
    >> http://www.nax.cz/pub/bioapi/2005/xs...ativeAuth.diff
    >> mirror: http://zepan.org/files/xscreensaver-...ativeAuth.diff
    >> For xscreensaver 5.00, you can get a patch here:
    >> http://www.zzamboni.org/brt/files/xs...tiveauth.patch
    >> a.. After reviewing the patch (it's small and straightforward), do
    >> $ patch -p1 < xscreensaver-4.22_alternativeAuth.diff
    >> The patch prevents xscreensaver from opening an authentification
    >> window
    >> and dispatches the authentification request to another program, in our
    >> case
    >> pam and pam_bioapi. It should apply with some offset, don't mind that.
    >> If
    >> it says something about rejected though, then there's a problem.
    >> a.. Compile with
    >> $ ./configure --with-pam && make
    >>
    >> a.. If you receive an error like "Couldn't find X11 headers/libs" and
    >> are
    >> running a Debian-like system, try "apt-get install xlibs-dev"
    >> b.. If you receive an error like "undefined reference to
    >> `XmuPrintDefaultErrorMessage'" then install the libxmu-dev package and
    >> run
    >> the previous line again and then install as root with
    >> $ su -c make install .
    >> a.. Make sure that the newly compiled xscreensaver is used:
    >> $ which xscreensaver should return
    >> /usr/local/bin/xscreensaver .
    >> a.. In case it doesn't, try adjusting your PATH.
    >> Common problems
    >> Bioapi error #3
    >> This is sometimes caused by improper permissions. The full error message
    >> is
    >> "BioAPI Error Code: 3 (0x3)".
    >>
    >> However, at least on Gentoo, recent upgrades to glibc and gcc 4.1.1
    >> caused
    >> Bioapi to break down due to some sort of incompatibility with bioapi
    >> registry. Reinstalling does not repair the issue automatically. However,
    >> you can still fix the issue manually, by removing /var/bioapi. You need
    >> to
    >> reinstall tfm-fingerprint driver after reinstalling bioapi so that the
    >> driver is properly re-registered. As root, type
    >>
    >> # emerge -C bioapi
    >> # rm -rf /var/bioapi
    >> # emerge -av1 bioapi tfm-fingerprint
    >> Retrieved from
    >> "http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader"
    >>

    >
    > Ain't Linux wonderful????
    >
    > Face it, Linux can't even manage to fully utilize the power saving
    > abilities of many current laptops, what chance does it have of working
    > correctly out of the box with finger print readers?
    >
    > Linux, which has the uncanny ability to turn a 6 button laser mouse into
    > a
    > 2 button basic mouse.
    >
    > Linux, free for the taking yet still sitting at 0.6 percent of desktop
    > market share.
    >
    > Linux, it's free, when your time has no value.
    >
    > Poor Linux, it's all dressed up for prom night but still doesn't have a
    > date.


    The reason that I even brought this up is because my new laptop (woo-hoo)
    just arrived yesterday. It's a decent model and I noticed the "biometric
    fingerprint scanner" and it's very slick. Much faster than typing my
    username/password. I just swipe my finger over it and it instantly logs me
    in. I can always use the keyboard if I want to login as someone else
    (Administrator for example) but for my normal/default working account...
    swipe my finger and I'm done.

    I was curious how this would work if I setup the laptop for dual boot. From
    the looks of the amount of work and time required... I would have to login
    about 97-million times to "break-even" on my time.



    > --
    > Moshe Goldfarb
    > Collector of soaps from around the globe.
    > Please visit The Hall of Linux Idiots:
    > http://linuxidiots.blogspot.com/



    ** Posted from http://www.teranews.com **

  5. Re: Laptop fingerprint readers and linux

    Moshe Goldfarb writes:

    >On Tue, 6 May 2008 19:22:40 -0400, Ezekiel wrote:


    An infinite amount of stuff about fingerprint readers removed.


    >Ain't Linux wonderful????


    >Face it, Linux can't even manage to fully utilize the power saving
    >abilities of many current laptops, what chance does it have of working
    >correctly out of the box with finger print readers?


    Neitehr does Windows. The makers of thos laptops wrote the code to run
    those fingerprint readers. They did not write the code, and hid the API so
    noone else could write it either. Yell at them, not linux.



  6. Re: Laptop fingerprint readers and linux

    "Ezekiel" writes:

    681 lines removed. And people still think that bottom posting is better
    than top posting. Sheesh.


    >The reason that I even brought this up is because my new laptop (woo-hoo)
    >just arrived yesterday. It's a decent model and I noticed the "biometric
    >fingerprint scanner" and it's very slick. Much faster than typing my
    >username/password. I just swipe my finger over it and it instantly logs me
    >in. I can always use the keyboard if I want to login as someone else
    >(Administrator for example) but for my normal/default working account...
    >swipe my finger and I'm done.


    >I was curious how this would work if I setup the laptop for dual boot. From
    >the looks of the amount of work and time required... I would have to login
    >about 97-million times to "break-even" on my time.


    Write the manufacturer.





  7. Re: Laptop fingerprint readers and linux

    Ezekiel wrote:

    > Many new laptops have a fingerprint reader where you can just 'swipe' your
    > finger of the pad and presto... you're logged in.
    >


    So what you're saying is that preinstalled is easier. Well duh!

    Ian

  8. Flatfish says its time has no value.

    On Tue, 06 May 2008 19:53:22 -0400, Moshe Goldfarb wrote:
    (snip)
    > Ain't Linux wonderful????
    >

    Yes, it is.

    > Face it, Linux can't even manage to fully utilize the power saving
    > abilities of many current laptops, what chance does it have of working
    > correctly out of the box with finger print readers?


    That depends on if there are drivers for the readers, doesn't it?

    >
    > Linux, which has the uncanny ability to turn a 6 button laser mouse into
    > a 2 button basic mouse.


    That's a lie.

    >
    > Linux, free for the taking yet still sitting at 0.6 percent of desktop
    > market share.


    Herd mentality, inertia, network effects, (and your speciality) FUD.

    >
    > Linux, it's free, when your time has no value.


    If that is true, your time must have no value.

    >
    > Poor Linux, it's all dressed up for prom night but still doesn't have a
    > date.


    Poor flatfish... lying all the time.

    --
    Rick

  9. Re: Flatfish says its time has no value.

    "Rick" stated in post
    QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:

    > Herd mentality, inertia, network effects, (and your speciality) FUD.


    Rick's mantra... now if only he could figure out what he means by it.


    --
    Computers are incredibly fast, accurate, and stupid: humans are incredibly
    slow, inaccurate and brilliant; together they are powerful beyond
    imagination. - attributed to Albert Einstein, likely apocryphal


  10. Re: Laptop fingerprint readers and linux

    Verily I say unto thee, that Ian Hilliard spake thusly:
    > Ezekiel wrote:


    >> Many new laptops have a fingerprint reader where you can just
    >> 'swipe' your finger of the pad and presto... you're logged in.
    >>

    >
    > So what you're saying is that preinstalled is easier. Well duh!


    Biometrics is a flawed concept anyway:

    Malaysia car thieves steal finger

    Police in Malaysia are hunting for members of a violent gang who chopped
    off a car owner's finger to get round the vehicle's hi-tech security
    system.
    http://news.bbc.co.uk/1/hi/world/asi...ic/4396831.stm

    Anyway, Linux supports such devices using the BioAPI framework, for
    those brave enough to risk their digits:

    How to enable the fingerprint reader has a good explanation for using
    the fingerprint reader with the closed-source binary driver. But there
    is also an opensource project called ThinkFinger which does the same,
    but open.

    However: The fingerprint reader is an INSECURE device and gives a false
    sense of security! There has been quite a bit of research by a hacker
    named Starbug, a member of the Chaos Computer Club, Berlin, Germany. He
    outlined in two very good talks how to forge each and every available
    fingerprint sensor available at the cost of a few euros, using materials
    from your local hardware store, a digicam and a laser printer! Here's
    some links:

    [1] Fingerprint recognition in supermarkets
    [2] Video tutorial for forging fingerprints


    [1]
    [2]

    --
    K.
    http://slated.org

    ..----
    | 'When it comes to knowledge, "ownership" just doesn't make sense'
    | ~ Cory Doctorow, The Guardian. http://tinyurl.com/22bgx8
    `----

    Fedora release 8 (Werewolf) on sky, running kernel 2.6.23.8-63.fc8
    04:57:52 up 138 days, 1:33, 6 users, load average: 0.15, 0.54, 0.73

  11. Re: Flatfish says its time has no value.

    In comp.os.linux.advocacy, Snit

    wrote
    on Tue, 06 May 2008 20:53:22 -0700
    :
    > "Rick" stated in post
    > QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >
    >> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >
    > Rick's mantra... now if only he could figure out what he means by it.
    >


    I'd say it's pretty obvious.

    [1] Herd mentality, aka "follow the leader". A leading
    star/starlet/etc. says use Windows; you follow along.

    [2] Inertia, aka "it's traditional". You've always done
    it that way with Windows; why change now?

    [3] Network effects, aka "heard it on the grapevine".
    Your friends use Windows; you follow along.

    [4] FUD, aka "the devil you don't know". That other
    solution might be bad, evil, and destroy NORAD according to
    (a leading star/starlet/etc.) (your friends) (a complete
    stranger); why take chances?

    Windows. Where did you want to go yesterday?

    --
    #191, ewill3@earthlink.net
    Useless C++ Programming Idea #110309238:
    item * f(item *p) { if(p = NULL) return new item; else return p; }
    ** Posted from http://www.teranews.com **

  12. Re: Flatfish says its time has no value.

    "The Ghost In The Machine" stated in post
    gao7f5-tha.ln1@sirius.tg00suus7038.net on 5/6/08 9:38 PM:

    > In comp.os.linux.advocacy, Snit
    >
    > wrote
    > on Tue, 06 May 2008 20:53:22 -0700
    > :
    >> "Rick" stated in post
    >> QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >>
    >>> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >>
    >> Rick's mantra... now if only he could figure out what he means by it.
    >>

    >
    > I'd say it's pretty obvious.
    >
    > [1] Herd mentality, aka "follow the leader". A leading
    > star/starlet/etc. says use Windows; you follow along.


    But Rick shows no support that this is what is causing the effects he
    attributes it to, he contradicts himself:

    Millions have formatted a disk and installed Linux without problems.

    People are buying WIndows machines, dumping it, and installing
    Linux machines. The Web is teeming with sites describing the
    procedure.

    > [2] Inertia, aka "it's traditional". You've always done
    > it that way with Windows; why change now?


    See the quotes, above.

    > [3] Network effects, aka "heard it on the grapevine".
    > Your friends use Windows; you follow along.


    Ditto... quotes above prove he does not (always) believe this.

    > [4] FUD, aka "the devil you don't know". That other
    > solution might be bad, evil, and destroy NORAD according to
    > (a leading star/starlet/etc.) (your friends) (a complete
    > stranger); why take chances?
    >
    > Windows. Where did you want to go yesterday?


    There is no doubt that Windows benefits from its effective monopoly
    position, but Rick uses his mantra to avoid looking at the clear problems
    with desktop Linux that have been discussed. I had a lengthy discussion
    with him about the fractured nature of the Linux desktop UI - and he
    sometimes agreed that it was fractured into at least four different UIs
    (though he did not like the word "fractured" he never was able to offer a
    better one), and other times denied it was fractured. And when push came to
    shove he spewed his mantra to avoid the topic.

    His mantra is not one that he can support... or show that he even
    understands what it means.




    --
    Computers are incredibly fast, accurate, and stupid: humans are incredibly
    slow, inaccurate and brilliant; together they are powerful beyond
    imagination. - attributed to Albert Einstein, likely apocryphal


  13. Re: Flatfish says its time has no value.

    Moshe Goldfarb wrote:
    > On Tue, 06 May 2008 20:53:22 -0700, Snit wrote:
    >
    >> "Rick" stated in post
    >> QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >>
    >>> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >> Rick's mantra... now if only he could figure out what he means by it.

    >
    > Rick's going off the deep end.
    > He still hasn't explained how herd mentality hasn't seemed to effect
    > firefox.
    >

    Yes, I did. It was in several posts to Snit.
    --
    Rick

  14. Re: Flatfish says its time has no value.

    On Tue, 06 May 2008 21:38:08 -0700, The Ghost In The Machine wrote:

    > In comp.os.linux.advocacy, Snit
    >
    > wrote
    > on Tue, 06 May 2008 20:53:22 -0700
    > :
    >> "Rick" stated in post
    >> QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >>
    >>> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >>
    >> Rick's mantra... now if only he could figure out what he means by it.
    >>
    >>
    >>

    > I'd say it's pretty obvious.
    >
    > [1] Herd mentality, aka "follow the leader". A leading
    > star/starlet/etc. says use Windows; you follow along.
    >
    > [2] Inertia, aka "it's traditional". You've always done it that way
    > with Windows; why change now?
    >
    > [3] Network effects, aka "heard it on the grapevine". Your friends use
    > Windows; you follow along.
    >
    > [4] FUD, aka "the devil you don't know". That other solution might be
    > bad, evil, and destroy NORAD according to (a leading star/starlet/etc.)
    > (your friends) (a complete stranger); why take chances?
    >
    > Windows. Where did you want to go yesterday?


    In case you don't know, there are a couple attempts in CSMA to stop,or at
    lessen greatly lessen, replies to Snit. They are trying to see if that
    will shut him up. Sadly, it isn't working. There are some people that
    seem compelled to reply to him. Snit just keeps posting his dishonest
    tripe, while showing his extreme ignorance.

    Ah, well.

    --
    Rick

  15. Re: Laptop fingerprint readers and linux

    On Wed, 07 May 2008 04:58:07 +0100, Homer wrote:

    > Verily I say unto thee, that Ian Hilliard spake thusly:
    >> Ezekiel wrote:

    >
    >>> Many new laptops have a fingerprint reader where you can just
    >>> 'swipe' your finger of the pad and presto... you're logged in.
    >>>

    >>
    >> So what you're saying is that preinstalled is easier. Well duh!

    >
    > Biometrics is a flawed concept anyway:


    So is Linux but that doesn't stop you from trumpeting it like a crazed
    zealot.

    BTW, if Linux could work with fingerprint readers you Linux boobs would be
    shouting it from the mountain tops but since it doesn't all of a sudden the
    technology is no good.

    Sour grapes once again from the sad Linux community.


    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  16. Re: Laptop fingerprint readers and linux

    On Wed, 07 May 2008 01:26:22 GMT, Unruh wrote:

    > Moshe Goldfarb writes:
    >
    >>On Tue, 6 May 2008 19:22:40 -0400, Ezekiel wrote:

    >
    > An infinite amount of stuff about fingerprint readers removed.
    >
    >
    >>Ain't Linux wonderful????

    >
    >>Face it, Linux can't even manage to fully utilize the power saving
    >>abilities of many current laptops, what chance does it have of working
    >>correctly out of the box with finger print readers?

    >
    > Neitehr does Windows. The makers of thos laptops wrote the code to run
    > those fingerprint readers. They did not write the code, and hid the API so
    > noone else could write it either. Yell at them, not linux.


    Don't matter.
    When the person buying the Linux laptop discovers all the things that don;t
    work with Linux, but *do* work with Windows, that laptop is going to get
    returned.

    Like this one for example, from Lenovo:

    http://www.channelinsider.com/c/a/Re...-of-Questions/

    After the initial boot and logon, we were faced with a clean,
    well-organized desktop, but one element caught our eye right away¡Xa text
    document called ThinkPad Readme.txt. We launched it and found that the
    document¡¦s first line was ¡§Limitations, Workarounds and How To¡¦s for
    SLED10.¡¨ We did not like the sound of that ¡§limitations¡¨ element. After
    all, isn¡¦t Linux supposed to be about overcoming limitations?

    The first part of the document covered ¡§features not supported.¡¨ Some of
    those features are:

    * ThinkVantage Active Protection System.
    * ThinkVantage Access Connections for SUSE Linux
    * ThinkPad Configuration for SUSE Linux
    * ThinkPad Power Manager for SUSE Linux
    * Wireless WAN Adapter
    * ThinkVantage Button
    * (Intel Graphics System) DVI Output

    From our point of view, Lenovo was not off to a good start.



    Go Linux!!!!

    You GO GIRL!



    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  17. Re: Laptop fingerprint readers and linux


    "Ian Hilliard" wrote in message
    news:1210129929.413857@angel.amnet.net.au...
    > Ezekiel wrote:
    >
    >> Many new laptops have a fingerprint reader where you can just 'swipe'
    >> your
    >> finger of the pad and presto... you're logged in.
    >>

    >
    > So what you're saying is that preinstalled is easier. Well duh!


    What I'm saying is "hardware that works" is easier. People don't care about
    your excuse for why something doesn't work. Secret API's, propreitary
    drivers and whatever other excuse you have means absolutely nothing to the
    consumer if the hardware simply doesn't work.

    > Ian



    ** Posted from http://www.teranews.com **

  18. Re: Laptop fingerprint readers and linux


    "Homer" wrote in message
    news:hvl7f5-ck5.ln1@sky.matrix...
    > Verily I say unto thee, that Ian Hilliard spake thusly:
    >> Ezekiel wrote:

    >
    >>> Many new laptops have a fingerprint reader where you can just
    >>> 'swipe' your finger of the pad and presto... you're logged in.
    >>>

    >>
    >> So what you're saying is that preinstalled is easier. Well duh!

    >
    > Biometrics is a flawed concept anyway:


    What's flawed is your pathetic example.

    > [quote]
    > Malaysia car thieves steal finger


    Well... just because one person out of billions on this planet lost their
    finger then this surely makes the technology useless. Idiot.



    ** Posted from http://www.teranews.com **

  19. Re: Flatfish says its time has no value.

    On Tue, 06 May 2008 20:53:22 -0700, Snit wrote:

    > "Rick" stated in post
    > QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >
    >> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >
    > Rick's mantra... now if only he could figure out what he means by it.


    Rick's going off the deep end.
    He still hasn't explained how herd mentality hasn't seemed to effect
    firefox.

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    http://linuxidiots.blogspot.com/

  20. Re: Flatfish says its time has no value.

    Moshe Goldfarb writes:

    > On Tue, 06 May 2008 20:53:22 -0700, Snit wrote:
    >
    >> "Rick" stated in post
    >> QZ6dnXko95PkvbzVnZ2dnUVZ_gOdnZ2d@supernews.com on 5/6/08 8:22 PM:
    >>
    >>> Herd mentality, inertia, network effects, (and your speciality) FUD.

    >>
    >> Rick's mantra... now if only he could figure out what he means by it.

    >
    > Rick's going off the deep end.
    > He still hasn't explained how herd mentality hasn't seemed to effect
    > firefox.



    or the eee.

+ Reply to Thread
Page 1 of 2 1 2 LastLast