Discussion:
[Thinkfinger-devel] thinkfinger patchset: small fixes, store, fingerprints in home directory
Welkin
2007-08-13 08:03:02 UTC
Permalink
I would be very interested in the gui you created, pls post it here or
somewhere.
mfg
welkin
Christian Neumair
2007-08-14 21:22:50 UTC
Permalink
Post by Welkin
I would be very interested in the gui you created, pls post it here or
somewhere.
Demo application attached, it requires some bits of the patchset. I've
never done multithreading development before, I think my approach wrt
thinkfinger communication works, though:

The worker thread uses a (locked) queue and appends all the events it
gets from libthinkfinger, the GUI thread reads from the other end of the
queue.

Maybe you could comment on the code?
--
Christian Neumair <***@gnome.org>
Jiří Suchomel
2007-08-15 13:28:05 UTC
Permalink
Post by Christian Neumair
Post by Welkin
I would be very interested in the gui you created, pls post it here or
somewhere.
As another example of the UI, I'm working on YaST module providing fingerprint
configuration. So, if you are running SUSE, you can try
yast2-fingerprint-reader-2.15.2-10.1.i586.rpm from
http://download.opensuse.org/repositories/home:/jsuchome/openSUSE_Factory/i586/

You also need new pam-config with thinkfinger option (version >= 0.23), get it
from
http://download.opensuse.org/repositories/home:/sschober/openSUSE_Factory/i586/

Now, when you run '/sbin/yast2 fingerprint-reader', you can enable the
authentication (equivalent to one simple run of pam-config -a --thinkfinger).

In Users module (/sbin/yast2 users), edit existing or create new user. In
Plug-Ins tab, you can see "Set the user's fingerprint" entry. Use Launch to
open a screen for acquiring new fingerprint for selected user. The UI is
quite simple (very similar to what you see when you run tf-tool), I'm ready
to implement a better one if anyone could propose it.
Post by Christian Neumair
The worker thread uses a (locked) queue and appends all the events it
gets from libthinkfinger, the GUI thread reads from the other end of the
queue.
In yast2-fingerprint-reader I've used fork instead of threading, because I
didn't know how to terminate (upon user's request) the thread running
libthinkfinger_acquire.

Jiri
--
Jiri Suchomel

SUSE LINUX, s.r.o. e-mail: ***@suse.cz
Lihovarská 1060/12 tel: +420 284 028 960
190 00 Praha 9, Czech Republic http://www.suse.cz
Christian Neumair
2007-08-15 16:06:39 UTC
Permalink
Post by Jiří Suchomel
Post by Welkin
I would be very interested in the gui you created, pls post it here or
somewhere.
As another example of the UI, I'm working on YaST module providing fingerprint
configuration.
(...)
Now, when you run '/sbin/yast2 fingerprint-reader', you can enable the
authentication (equivalent to one simple run of pam-config -a --thinkfinger).
In Users module (/sbin/yast2 users), edit existing or create new user. In
Plug-Ins tab, you can see "Set the user's fingerprint" entry. Use Launch to
open a screen for acquiring new fingerprint for selected user. The UI is
quite simple (very similar to what you see when you run tf-tool), I'm ready
to implement a better one if anyone could propose it.
I'm very sceptical about admin-oriented user interfaces.

After all, fingerprints are something very personal, and using admin
utilities either requires that the user is an admin, or that he trusts
his admin enough to work on a PC while the admin is looking over his
shoulder, and the admin has to trust his user as well, since the admin
must be logged in during registration. Another aspect is that your
solution requires the user to find an admin willing to be physically
present during fingerprint registration.

Also note that it is not required to be root when accessing fingerprint
hardware. My long-term idea was to integrate my fingerprint
authentication GUI into gnome-about-me and its KDE equivalent, right
next to / above / below a chpasswd GUI.

The large benefit of the group-driven fingerprint reader permissions I
suggest is that it fits nicely to the traditional UNIX fashion of
administration (i.e. just edit /etc/groups).
--
Christian Neumair <***@gnome.org>
Jiří Suchomel
2007-08-16 08:12:24 UTC
Permalink
Post by Christian Neumair
Post by Jiří Suchomel
Post by Welkin
I would be very interested in the gui you created, pls post it here
or somewhere.
As another example of the UI, I'm working on YaST module providing
fingerprint configuration.
I'm very sceptical about admin-oriented user interfaces.
...
You may be right, but that's the way YaST works. Take it or leave it, I'd say.
(I'm not saying this can't be changed in the future, but currently I don't see
other way)

AFAIK this fingerprint reader is mostly used in laptops now, where usually
user knows root's credentials, so I hope our approach is somehow usable.

Jiri
--
Jiri Suchomel

SUSE LINUX, s.r.o. e-mail: ***@suse.cz
Lihovarská 1060/12 tel: +420 284 028 960
190 00 Praha 9, Czech Republic http://www.suse.cz
Luca Capello
2007-09-15 11:02:24 UTC
Permalink
Hello!

Sorry to answer to an "old" thread...
Post by Christian Neumair
Post by Welkin
I would be very interested in the gui you created, pls post it here or
somewhere.
Demo application attached,
FWIW, the file is missing the license bits ;-)

Other than that, it works on my Debian GNU/Linux with the following
patches available at [1]:

* tf-04-tf-tool.diff: Removed PAM ifdef, write to ~/.thinkfinger.bir
by default, but optionally to a custom path.

* tf-05-pam.diff: Make PAM look at ~/.thinkfinger.bir by default, fall
back to /etc/thinkfinger/username.bir for compatibility.

Thx, bye,
Gismo / Luca

Footnotes:
[1] http://article.gmane.org/gmane.linux.drivers.thinkfinger/424
Luca Capello
2007-09-15 11:49:41 UTC
Permalink
Hello!
Post by Luca Capello
Post by Christian Neumair
Post by Welkin
I would be very interested in the gui you created, pls post it
here or somewhere.
Demo application attached,
FWIW, the file is missing the license bits ;-)
Other than that, it works on my Debian GNU/Linux with the following
* tf-04-tf-tool.diff: Removed PAM ifdef, write to ~/.thinkfinger.bir
by default, but optionally to a custom path.
* tf-05-pam.diff: Make PAM look at ~/.thinkfinger.bir by default,
fall back to /etc/thinkfinger/username.bir for compatibility.
and your gtk-fingerprint-authentication.c program, including the
necessary configure checks and Makefile creation.

You still need to be sure that the user can access the device, thus
either using the udev.rules Christian provided at [1] or manually
chowning the correct device file.

Some comments:

1) IMHO gtk-fingerprint-authentication is too long, I'd prefer
something like tf-tool-gtk or gtk-tf-tool

2) I put gtk-fingerprint-authentication in thinkfinger/gui, because
it was the simplest way ;-)

3) I guess tf-tool should be installed in /usr/bin and no more in
/usr/sbin, since it's no longer "property" of root

4) I really prefer this solution (root agnostic) than other
admin-oriented ones (like the one developed for YaST [2])

Thx, bye,
Gismo / Luca

Footnotes:
[1] http://article.gmane.org/gmane.linux.drivers.thinkfinger/424
[2] http://article.gmane.org/gmane.linux.drivers.thinkfinger/429
Christian Neumair
2007-09-16 13:48:23 UTC
Permalink
Post by Luca Capello
Hello!
Post by Luca Capello
Post by Christian Neumair
Post by Welkin
I would be very interested in the gui you created, pls post it
here or somewhere.
Demo application attached,
FWIW, the file is missing the license bits ;-)
Unfortunetely, libthinkfinger seems to be GPL where LGPL should have
been used. I'll double-license the patchset as GPL/LGPL, and choose GPL
for the gtk demo application.
Post by Luca Capello
Post by Luca Capello
Other than that, it works on my Debian GNU/Linux with the following
* tf-04-tf-tool.diff: Removed PAM ifdef, write to ~/.thinkfinger.bir
by default, but optionally to a custom path.
* tf-05-pam.diff: Make PAM look at ~/.thinkfinger.bir by default,
fall back to /etc/thinkfinger/username.bir for compatibility.
and your gtk-fingerprint-authentication.c program, including the
necessary configure checks and Makefile creation.
Thanks, although I don't quite see how your patch bundling helps. After
all, I broke the patchset down to improve readability and reviewability.
Timo doesn't seem to have time for reviews ATM, though.

I'm not sure whether the authentication program is usable in this form,
and whether it makes sense to distribute it at all.

Regading maturity: You must at least protect the callback with
gdk_threads_enter() and gdk_threads_enter().

Regarding usability: It was meant to be a technology study, eventually I
wanted to modify gnome-about-me, where the account password can be
changed already.
--
Christian Neumair <***@gnome.org>
Luca Capello
2007-09-18 15:27:18 UTC
Permalink
Hello Christian!
Post by Christian Neumair
Post by Luca Capello
FWIW, the file is missing the license bits ;-)
Unfortunetely, libthinkfinger seems to be GPL where LGPL should have
been used. I'll double-license the patchset as GPL/LGPL, and choose
GPL for the gtk demo application.
FYI, I won't discuss anything about licenses.
[...]
Post by Christian Neumair
Thanks, although I don't quite see how your patch bundling helps.
Well, I prepared my patch not for review, but for non-technical users,
because it would have been quite hard to compile the demo application.
IMHO even if the program was intended to be a demo, the background
code (i.e. the patches for libpam-thinkfinger and tf-tool) will
probably end up upstream, thus the more the tests by end-users are,
the better it is.
Post by Christian Neumair
I'm not sure whether the authentication program is usable in this
form, and whether it makes sense to distribute it at all.
FWIW, you distributed it when you posted it to the list ;-)
Post by Christian Neumair
Regading maturity: You must at least protect the callback with
gdk_threads_enter() and gdk_threads_enter().
I'm not a skilled programmer and I haven't checked at the code, just
tested it as it is.
Post by Christian Neumair
Regarding usability: It was meant to be a technology study,
eventually I wanted to modify gnome-about-me, where the account
password can be changed already.
Agree, thus we will have something similar to the account password,
i.e. a CLI utility (tf-tool) and a GTK+ one (gnome-about-me). So, I
think the integration should do something like the following (again
similar to what "Change password..." does):

1) check if the user belongs to the fingerprint/thinkfinger group

2) authenticate the user or exit explaining why

3) acquire the fingerprint

Just my 0.02€...

Thx, bye,
Gismo / Luca
Luca Capello
2007-09-26 22:58:03 UTC
Permalink
Hello!
Post by Luca Capello
* tf-04-tf-tool.diff: Removed PAM ifdef, write to ~/.thinkfinger.bir
by default, but optionally to a custom path.
* tf-05-pam.diff: Make PAM look at ~/.thinkfinger.bir by default,
fall back to /etc/thinkfinger/username.bir for compatibility.
FWIW, this was missing from my previous patch, included the corrected
version.

Thx, bye,
Gismo / Luca

Loading...