Finger on scanner.

Biometric FingerPrint Authentication for BSD/Linux


[en]  [ru]










PAM_BFP: Pluggable Authentication Module with Biometric FingerPrint

General Introduction

Pluggable Authentication Module with Biometric FingerPrint was developed to provide the missing user's biometric fingerprint authentication for the Unix/Linux world. The PAM_BFP package is the newest user authentication module based on the modern biometric fingerprint technology. In Microsoft Windows world such software is called like "biometric logon or login", therefore it is possible to call PAM_BFP module as "Unix biometric logon or login". Unlike Microsoft Windows authentication schemes the PAM mechanism is very flexible and powerful, and allows to build a very strong N-factor authentication schemes. Note also the following: Microsoft Windows is required the password of the authenticated user, but PAM_BFP module don't need user's password. In this case we could say that PAM_BFP module is a true "biometric logon". The current implementation is supported FreeBSD and Linux platforms.

Hardware Requirements

See BFPSDK's page for reference.

Software Requirements (Operating Systems)

FreeBSD 4.7 or higher,   Linux (kernels 2.2.x, 2.4.x, 2.6.x)

Software Requirements (Application Libraries)

PAM_BFP package is required the application library bfpsdk.

Hardware Installation

See BFPSDK's page for reference.

Software Installation

In the supplied documentation you will find a more detail instructions, but following steps will be enough to run pam_bfp package.

1. Download and install library bfpsdk (binary package for your platfrom or skip this step if you've already installed package bfpsdk)
2. Download PAM_BFP package for your platform, for example, into directory /usr/local/src:   cd /usr/local/src
      Unarchive tarball package:   tar xzf pam_bfp-<os>-<ver>-<hdw>.tar.gz
3. Go to this new directory:   cd pam_bfp
4. Build package from sources or skip this step if binaries already present:   make -f makefile.unx
5. Install shared PAM_BFP module (
      Generic Linux notes:   make -f makefile.inx install-lnx
      Debian Linux notes:   make -f makefile.inx install-deb
      FreeBSD notes:   make -f makefile.inx install-bsd
6. Build template for you: maketmpl <username>.tmpl
7. Create configuration catalog /usr/local/etc/auth_pam_bfp:   mkdir   /usr/local/etc/auth_pam_bfp
8. Copy template(s) into configuration catalog:   cp   *.tmpl   /usr/local/etc/auth_pam_bfp
9. Copy sample config file from catalog config into /usr/local/etc/auth_pam_bfp:   cp   config/auth_bfp.conf   /usr/local/etc/auth_pam_bfp
10. Edit new configuration file /usr/local/etc/auth_pam_bfp/auth_bfp.conf
      This config file can be used as real work sample: auth_bfp.conf
11. Add this line into PAM login control file:   login auth sufficient debug fp_prompt=1
      FreeBSD 4.x notes:   PAM login control file is /etc/pam.conf
      FreeBSD 5.x and Linux notes:   PAM login control file is /etc/pam.d/login
      Hints: freebsd or linux catalogs are contained ready examples.
12. Now test your installation: pam_demo <account>
13. And come back into real life:   switch to another virtual console, type account name, put finger on scanner after prompt, and welcome to system.

Screenshots (pam_bfp)

FreeBSD 4.10 (make and test template)
Make template screen 1. Make template screen 1
Make template screen 2. Make template screen 2
PAM_DEMO screen. PAM_DEMO screen

FreeBSD 4.10 (PAM_BFP in action)
Login/PAM_BFP prompt. Login/PAM_BFP prompt
Logged successfully. Logged successfully

Valid HTML 3.2! Copyright © 2004 Dmitry Stefankov Last modified: $Date: 2005-06-19 17:49:55+04 $ Powered by FreeBSD. Powered by Apache. Powered by OpenSSL.