Tree [r118] /

File Date Author Commit
docs 2007-03-05 thoenig [r94] Corrections, update man pages. Patch by Stepha...
libthinkfinger 2007-11-15 thoenig [r111] libthinkfinger now owns a own copy of the char*...
pam 2007-11-15 thoenig [r117] Do not handle remote connections.
tf-tool 2007-11-15 thoenig [r114] Add bash completion. Based on patch by Rafael ...
AUTHORS 2007-01-24 thoenig [r42] Add Pavel to AUTHORS.
COPYING 2006-11-08 thoenig [r1] initial import
ChangeLog 2007-03-30 thoenig [r108] Update ChangeLog. 2007-03-29 thoenig [r101] Add some notes about '--enable-debug' to the do...
INSTALL.svn 2007-03-05 thoenig [r96] Add, and INSTALL.svn, remo... 2007-01-29 thoenig [r44] Remove 'tf-init'.
NEWS 2007-03-30 thoenig [r107] Release: ThinkFinger 0.3 2007-11-15 thoenig [r118] Fix SVN URL. Patch by Luca Capello <>. 2007-03-05 thoenig [r96] Add, and INSTALL.svn, remo... 2007-11-15 thoenig [r114] Add bash completion. Based on patch by Rafael ...

Read Me


ThinkFinger is a driver for the UPEK/SGS Thomson Microelectronics fingerprint
reader (USB ID 0483:2016).  The device is being found either as a standalone
USB device, built into USB keyboards or built into laptops.  The following
laptop vendors are using the device:

- Dell
- IBM/Lenovo
- Toshiba

Toshiba is shipping their laptops either with the UPEK/SGS Thomson Micro-
electronics fingerprint reader or with a fingerprint reader built by AuthenTec.
The AuthenTec fingerprint reader is *not* supported by ThinkFinger.

SONY laptops with the UPEK/SGS Thomson Microelectronics fingerprint
reader are not supported.

ThinkFinger is devided into two parts: libthinkfinger and pam_thinkfinger.

libthinkfinger is a library to be used in order to communicate with the finger-
print reader.

The utility 'tf-tool' can be used to acquire and to verify fingerprints.

Installation Instructions

Please check the INSTALL file.

Simple Test Tool: tf-tool

Usage: tf-tool [--acquire | --verify | --add-user <login> ] [--verbose]

To acquire a fingerprint run 'tf-tool --acquire'.  You will be prompted to
swipe your finger.  It needs three successful swipes to get a fingerprint.
This fingerprint is being stored in '/tmp/test.bir'.

To verify a fingerprint run 'tf-tool --verify'.  tf-tool will read a finger-
print image from '/tmp/test.bir' and compare that with the finger which
is being swiped.


It is likely that you have to run 'tf-tool' as root as it needs to access the
USB device.  On most distribution the device node can not be accessed by a
regular user.

The switch '--add-user' is only available if ThinkFinger was built with PAM

Pluggable Authentication Module: pam_thinkfinger

The pluggable authentication module pam_thinkfinger can be used for PAM (e.g.
to log into your system).  The module needs to be copied to the location
where PAM expects the modules to reside.  On most GNU/Linux distributions
PAM modules are stored in '/lib/security'.

Also, the PAM module requires uinput.  For further details, please read section
"Kernel Requirements" of the installation instructions provided by the file

In order to use pam_thinkfinger, PAM needs to be aware of the module.  To
achieve this please edit '/etc/pam.d/common-auth'.  You are required to add
the following directive before any pam_unix or pam_unix2 directives:

     auth     sufficient

See [1] for a complete example how '/etc/pam.d/common-auth' looks like.

The module does only trigger for users which have deposited their fingerprint
in '/etc/pam_thinkfinger/'.

E.g. if the user 'bob' wants to login using his fingerprint, his fingerprint
needs to be stored at '/etc/pam_thinkfinger/bob.bir'.  See [2] for a more
detailed example.


If your PAM uses the pam_unix module, you need to pass a specific argument in
the /etc/pam.d/common-auth directive:

     auth     required try_first_pass

Otherwise, the password entered at the pam_thinkfinger prompt is not considered
by pam_unix.  This is only the case for pam_unix, because pam_unix2
automatically enables the try_first_pass argument by default.  More information
are available in the Linux-PAM documentation at:

If you have troubles using the PAM module you may want to pass the 'debug'

     auth     required debug

With this option the PAM module will be verbose and use syslog(3) for debug

PAM Compatibility

The pluggable authentication module pam_thinkfinger should work with all
PAM aware applications.


Timo Hoenig <>, <>
Pavel Machek <>


Wolfgang Hafenscher <> (project page)
Luca Capello <> (patches, man pages)
Stephan Berberig <> (patches)
Evgeni Golov <>

Also, to big thanks to everyone else involved with the project by testing,
reporting bugs and communicating on thinkfinger-devel.

Project Page



* svn co

Mailing List


[1] Example for a ThinkFinger-enabled '/etc/pam.d/common-auth'


auth	required
auth	sufficient
auth	required

[2] Example how to store a fingerprint image for user 'bob'

root@host~> tf-tool --add-user bob

( Now user 'bob' has to swipe his finger three times )

Copyright (C) 2006, 2007 Timo Hoenig <>

Initializing... done.
Please swipe your finger (successful swipes 3/3, failed swipes: 0)... done.
Storing data (/etc/pam_thinkfinger/bob)... done.

Now 'bob' can authenticate himself by swiping his finger.