flawed fingerprint authentication
When my employer assigned me a new Latitude D430 laptop I noticed it had a fingerprint scanner between the left and right touchpad buttons. And it came with Embassy Wave security software, which replaces the Windows GINA among other things. I decided to give it a try.
Once installed I successfully registered my index fingers, setup my account to authenticate using my fingerprints OR my password (just in case), and was happy to be able to login by swiping my finger across the scanner rather than typing in my password. Sweet!
Unfortunately I found that I was unable to register my fingerprints for any other account. This is a problem — I have two local machine accounts (one admin, one nonprivileged), I also have unprivileged accounts in two different AD domains at work, as well as use the admin accounts in each of those domains. But the Embassy software only allows my fingerprints to be registered under a single account. A conceivable workaround would be to use a different finger for each account — this would get me ten accounts. But I would have a problem remembering which finger to use for which account.
Long story short — I uninstalled Embassy and reverted to the 20th-century authentication method of choice: passwords. Yes, I use a different password for each account, I’m not sure why I find that acceptable but remembering different fingers not. An illogical quirk I suppose.
So what about linux fingerprint authentication software (this D430 dual boots FC8 & XP)? lsusb lists the device as a SGS Thomson Microelectronics Fingerprint Reader; googling this reveals a linux driver called thinkfinger, which installs easily and cleanly via yum. So now I’m off to RTFM…
…a quick documentation read reveals that it uses thinkfinger which appears to require enabling PAM authentication, which appears to mean setting up an LDAP server…which is overkill for my little home network. So no fingerprint authentication for me!