Pluggable Authentication Module: pam_fp
=======================================

The pluggable authentication module pam_fp can be used for PAM (e.g.
to log into your system).  The module needs to be copied to the location
where PAM expects the modules to reside.  On most GNU/Linux distributions
PAM modules are stored in '/lib/security'.

pam_fp is using libfprint (http://www.reactivated.net/fprint/wiki/Libfprint)
and is based was based on pam_thinkfinger.

Also, the PAM module requires uinput.  For further details, please read section
"Kernel Requirements" of the installation instructions provided by the file
'INSTALL'.

In order to use pam_fp, PAM needs to be aware of the module.  To
achieve this please edit '/etc/pam.d/common-auth'.  You are required to add
the following directive before any pam_unix or pam_unix2 directives:

     auth     sufficient     pam_fp.so

See [1] for a complete example how '/etc/pam.d/common-auth' looks like.

The module does only trigger for users which have deposited their fingerprint
in '$HOME/.fprint/prints'.

Notes:

If your PAM uses the pam_unix module, you need to pass a specific argument in
the /etc/pam.d/common-auth directive:

     auth     required     pam_unix.so try_first_pass

Otherwise, the password entered at the pam_fp prompt is not considered
by pam_unix.  This is only the case for pam_unix, because pam_unix2
automatically enables the try_first_pass argument by default.  More information
are available in the Linux-PAM documentation at:

  http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_unix.html

If you have troubles using the PAM module you may want to pass the 'debug'
option:

     auth     required     pam_unix.so debug

With this option the PAM module will be verbose and use syslog(3) for debug
output.

PAM Compatibility
=================

The pluggable authentication module pam_fp should work with all
PAM aware applications.

Authors
=======

Timo Hoenig <thoenig@suse.de>, <thoenig@nouse.net>

[1] Example for a pam_fp-enabled '/etc/pam.d/common-auth'

#%PAM-1.0

auth	required	pam_env.so
auth	sufficient	pam_fp.so
auth	required	pam_unix2.so
