-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi!
i have an upek eikon 2 (147e:2016) in my thinkpad x220t. i'm using fprint for 3 weeks now, i must say it is an excellent feature to prevent others seeing your password, especially in lectures where 8 people are sitting right arround you. everywhere on the internet is described to use the pam_fprint.so pam.d module, but pam_fprint_enroll always fails with error -22 on the last stage. this means 5 times everything works as it should, but suddenly the LED on the scanner no more activates, and the program exits with error -22. so somewhere in the gentoo wiki i found another pam.d module, pam_fprintd.so i inserted this in the sudo pam file, and everything worked just perfectly. i enrolled my finger with fprintd-enroll, it created a fingerprint for my user, but not the way it should. later i noticed a bunch of security issues. i think it is possible to enroll a finger with no root privileges and overwrite existing fingerprints for this user just by executing fprintd-enroll. this means everyone using the notebook can just overwrite the fingerprint and have root access. where is the database file and why isn't it protected? can it be protected just with filesystem access limitations? why isn't the current fingerprint checked first or why no password check? next thing is, when you ssh into your laptop with having fprint activated for sudo, it will require you to swipe your finger, although your laptop might be somewhere arround the globe. i don't think theres a way to fix this, but you should be able to skip the scanning process and continue entering a password. I actually don't understand why it is not possible to cancel auth with ctrl-c or whatever yet. when the system has a defined auth order in the pam setting, you should be able to skip the fingerprinting, like it is possible with a password. - -- Jonas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOxLMVAAoJEAO2SC2D9UetekgQAIeF+9JjElQenbT5W33G6gIu QmbEgFbNU9Dp8ZjsqPBJyp3W88iGxyKfEnTyOZwP8ueihe1fdzZW3CDYOIiZi40z GuaLL0fQ84OSKqan9XPjkutTd3ZeOy5FsbbcMeEIxb9eldTIu0GaCQuymuS5oax/ LLMzx9bMOi2Xm2n+AxDDiZhvdsba7VOi6u5z4jd02HTELD6nFw5v9zwCkdPQuWSu 4CetYRzErBaJe/9D4hJRoHy49lwJOHgH1cuFeEzxq3dv/H++AQ8g2IX3IFSekW65 fMyX+ShHDzVdRAYvNvUQmK91OSbQ9Za9NfSfkpdz36npltIdSAVGOeccWls1uIZl adzH27azIrehRinP6zSbUM1bgqiVHu6mYYpepEAI/Qwfi8i8oRofTEmHaX5KYpYA U/TaMnZL+jv+WTlyCKmmmYfon4o1Jo6/2lqsperiSQtIRREXynPyayzKojBUso66 CCH8I8thh5cN1JZJ1GBckAyQdsSLDLqS1o2+vKBRU7GtPDW/dS+cJKEqZcq+5vL9 VrmO3I6g1Wp+2xL0EKi+XF8B7HiboQn7RYNl+OjxIe0Vg3VAw3IPkrw/4qhO7PQG IeJsn0V/I/67icLokoe0T+6rZIji5hmhmc42YmH2CNXhx3B5L2HtHgb0MJdHX++t 8dR3hKBm6J+W6XUskcbQ =BPU7 -----END PGP SIGNATURE----- _______________________________________________ fprint mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/fprint
