[gentoo-commits] proj/betagarden:master commit in: sys-auth/fingerprint-gui/, sys-auth/fingerprint-gui/files/

["Alexey Shvetsov" <alexxy@gentoo.org>]

commit:     bb79ed5b4a5a6b8259f14721459b3cf42947add8
Author:     Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 26 21:42:37 2011 +0000
Commit:     Alexey Shvetsov <alexxy <AT> gentoo <DOT> org>
CommitDate: Sat Nov 26 21:42:37 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/betagarden.git;a=commit;h=bb79ed5b

[sys-auth/fingerprint-gui] Import from alexxy overlay

(Portage version: 2.2.0_alpha78/git/Linux x86_64, signed Manifest commit with key F82F92E6)

---
 .../files/Install-step-by-step.html                |  699 ++++++++++++++++++++
 .../fingerprint-gui/fingerprint-gui-1.00.ebuild    |   60 ++
 sys-auth/fingerprint-gui/metadata.xml              |   11 +
 3 files changed, 770 insertions(+), 0 deletions(-)

diff --git a/sys-auth/fingerprint-gui/files/Install-step-by-step.html b/sys-auth/fingerprint-gui/files/Install-step-by-step.html
new file mode 100644
index 0000000..240f49e
--- /dev/null
+++ b/sys-auth/fingerprint-gui/files/Install-step-by-step.html
@@ -0,0 +1,699 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<HTML>
+<HEAD>
+	<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=utf-8">
+	<TITLE></TITLE>
+	<META NAME="GENERATOR" CONTENT="OpenOffice.org 3.2  (Unix)">
+	<META NAME="AUTHOR" CONTENT="Wolfgang Ullrich">
+	<META NAME="CREATED" CONTENT="20081021;15191700">
+	<META NAME="CHANGEDBY" CONTENT="Wolfgang Ullrich">
+	<META NAME="CHANGED" CONTENT="20100819;20523800">
+	<META NAME="Info 1" CONTENT="">
+	<META NAME="Info 2" CONTENT="">
+	<META NAME="Info 3" CONTENT="">
+	<META NAME="Info 4" CONTENT="">
+	<STYLE TYPE="text/css">
+	<!--
+		@page { margin: 2cm }
+		P { margin-bottom: 0.21cm; page-break-before: auto }
+		P.cjk { font-size: 10pt }
+		H1 { margin-bottom: 0.21cm; page-break-before: auto }
+		H1.western { font-family: "Arial", sans-serif; font-size: 16pt }
+		H1.cjk { font-family: "DejaVu Sans"; font-size: 16pt }
+		H1.ctl { font-family: "DejaVu Sans"; font-size: 16pt }
+		H2 { margin-bottom: 0.21cm; page-break-before: auto }
+		H2.western { font-family: "Arial", sans-serif; font-size: 14pt; font-style: italic }
+		H2.cjk { font-size: 14pt; font-style: italic }
+		H2.ctl { font-size: 14pt; font-style: italic }
+		H3 { margin-bottom: 0.21cm; page-break-before: auto }
+		H3.western { font-family: "Arial", sans-serif }
+		A.western:visited { so-language: en-US }
+		A.cjk:visited { so-language: zxx }
+		A.ctl:visited { so-language: zxx }
+	-->
+	</STYLE>
+</HEAD>
+<BODY LANG="en-US" DIR="LTR">
+<P ALIGN=CENTER STYLE="margin-top: 0.42cm; page-break-after: avoid"><FONT FACE="Arial, sans-serif"><FONT SIZE=4><B>Installing
+Step by Step</B></FONT></FONT></P>
+<P CLASS="western" ALIGN=CENTER><FONT SIZE=2>(Version 0.15)</FONT></P>
+<DIV ID="Inhaltsverzeichnis1" DIR="LTR">
+	<DIV ID="Inhaltsverzeichnis1_Head" DIR="LTR">
+		<P STYLE="margin-top: 0.42cm; page-break-after: avoid"><FONT FACE="Arial, sans-serif"><FONT SIZE=4 STYLE="font-size: 16pt"><B>Contents</B></FONT></FONT></P>
+	</DIV>
+	<P STYLE="margin-bottom: 0cm"> 1 Installing Executables and
+	Libraries	2</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 1.1 Installing
+	required Libraries	2</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 1.2 Installing
+	executables	2</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 1.3 Creating a
+	“plugdev” group	3</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 1.4 Uninstalling
+	other Fingerprint Solutions	3</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 1.5 Special
+	preparations for Lubuntu	3</P>
+	<P STYLE="margin-bottom: 0cm"> 2 Acquiring Fingerprints	3</P>
+	<P STYLE="margin-bottom: 0cm"> 3 Setting up Fingerprint
+	Authentication	3</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 3.1 Configuring
+	“su”	4</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 3.2 Configuring
+	“login”	5</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 3.3 Configuring
+	“sudo”	5</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 3.4 Configuring
+	“gdm”	5</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 3.5 Configuring
+	“gnome-screensaver”	6</P>
+	<P STYLE="margin-bottom: 0cm"> 4 Exporting Fingerprint Data and
+	Testing PAM Settings	6</P>
+	<P STYLE="margin-bottom: 0cm"> 5 Password Store	6</P>
+	<P STYLE="margin-bottom: 0cm"> 6 Troubleshooting	8</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 6.1 Gdm Greeter
+	doesn't show the Fingerprint GUI Widget or needs a long time (up to
+	20 seconds) to show it	8</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 6.2
+	Fingerprint-gui Error “Could not open fingerprint device”	8</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 6.3 Login on a
+	secure tty hangs with “OK” Message	8</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 6.4 You have a
+	fingerprint device from UPEK/SGS Thomson and get some “ABSOpen()
+	failed...” error message in /var/log/auth.log	8</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 6.5 Password can
+	not be saved to removable media	8</P>
+	<P STYLE="margin-bottom: 0cm"> 7 Known Limitations	9</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 7.1 Applications
+	that don't use PAM for prompting a password	9</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 7.2 Missing
+	XAUTHORITY environment variable	9</P>
+	<P STYLE="margin-left: 0.5cm; margin-bottom: 0cm"> 7.3 Other Linux
+	distributions	9</P>
+	<P STYLE="margin-left: 1cm; margin-bottom: 0cm">Debian 4.0	9</P>
+	<P STYLE="margin-left: 1cm; margin-bottom: 0cm">SuSE 11.1 (gnome
+	edition)	9</P>
+	<P STYLE="margin-left: 1cm; margin-bottom: 0cm">Slackware	9</P>
+</DIV>
+<P CLASS="western" ALIGN=CENTER><BR><BR>
+</P>
+<P CLASS="western"><BR><BR>
+</P>
+<P CLASS="western" STYLE="page-break-before: always">This HowTo
+describes the installation and setup of the “Fingerprint GUI”
+project. It was tested on <I><U>Ubuntu 8.04, 8.10, 9.04, 9.10 and
+10.04 Desktop</U></I>, <I><U>Lubuntu 10.04</U></I> and <I><U>Fedora
+10 and 12</U></I> (32bit versions) and <I><U>Ubuntu 8.10 9.04 and
+10.04 Desktop</U></I> (64bit version) each new installed with default
+settings. It is applicable for GDM/Gnome desktop systems only and <B>can
+</B><U><B>not</B></U><B> be used as a HowTo for KDE systems</B>. It
+should show the principles of installing and configuring the system
+and provide enough information needed for deployment in other Linux
+distributions. In the chapter <B>&quot;Other Linux distributions&quot;</B>,
+my experiences with these distributions are described. I didn't have
+the time to solve all those problems. That should be the
+responsibility of the distributors or of experienced users. Please
+contact me if you have the system installed properly to such a
+distribution or if you experience a bug.</P>
+<OL>
+	<LI><H1 CLASS="western">Installing Executables and Libraries</H1>
+</OL>
+<P CLASS="western">After downloading the
+“fingerprint-gui-x.y-&lt;arch&gt;.tar.gz” package please unpack
+it into some directory (<FONT FACE="Courier 10 Pitch"><FONT SIZE=2>tar
+-xzf fingerprint-gui-x.y-&lt;arch&gt;.tar.gz</FONT></FONT>). Then
+change to this directory and become “root”. The command for
+installation is “<FONT FACE="Courier 10 Pitch"><FONT SIZE=2>./install.sh
+[--uninstall]</FONT></FONT>”.  If you have a device from UPEK Inc.
+or SGS Thomson you will need the proprietary driver library
+“libbsapi.so” from UPEK Inc.  In this case you will be prompted
+for installing this library. If you chose “Yes” the “libbsapi.so”
+file (for your architecture) will be copied to “/usr/lib/” and
+“ldconfig” will be called then. If you have a device from other
+vendors you will not be prompted for installing “libbsapi.so”.
+Please have a look at the libfprint homepage
+(<A CLASS="western" HREF="http://reactivated.net/fprint/wiki/Main_Page">http://reactivated.net/fprint/wiki/Main_Page</A>)
+for a list of supported devices. 
+</P>
+<OL>
+	<OL>
+		<LI><H2 CLASS="western">Installing required Libraries</H2>
+	</OL>
+</OL>
+<P CLASS="western">When executing “./install.sh” as root it will
+probably print a list of missing libraries. Use your package manager
+to install the required packages and their dependencies. Below is a
+list of packages to install:</P>
+<P CLASS="western"><U>Ubuntu 10.04 Desktop:</U></P>
+<UL>
+	<LI><P CLASS="western">libfakekey0 
+	</P>
+	<LI><P CLASS="western">libfprint0 (<U><B>IMPORTANT</B></U>: Since
+	version 0.14 fingerprint-gui requires libfprint0 version
+	0.1.0~pre2-1 that is <U>not</U> part of the Ubuntu repository yet.
+	Please install this version from
+	<A CLASS="western" HREF="https://launchpad.net/~fingerprint/+archive/fprint">https://launchpad.net/~fingerprint/+archive/fprint</A>
+	.</P>
+	<LI><P CLASS="western">libqca2</P>
+	<LI><P CLASS="western">libqca2-plugin-ossl</P>
+	<LI><P CLASS="western">libqt4-xml</P>
+</UL>
+<P CLASS="western"><U>Fedora 12:</U></P>
+<UL>
+	<LI><P CLASS="western">libfakekey-0.1.3 
+	</P>
+	<LI><P CLASS="western">libfprint-0.1.0-14.pre2</P>
+	<LI><P CLASS="western">qt-x11-1:4.6.2-16</P>
+	<LI><P CLASS="western">qca2-2.0.2-2 
+	</P>
+</UL>
+<UL>
+	<LI><P CLASS="western">qca-ossl-2.0.0-0.8.beta3</P>
+</UL>
+<OL>
+	<OL START=2>
+		<LI><H2 CLASS="western">Installing executables</H2>
+	</OL>
+</OL>
+<P CLASS="western">If all required libraries are installed the
+“./install.sh” script will copy the executables and some other
+files to the following locations:</P>
+<UL>
+	<LI><P CLASS="western">“fingerprint-gui” and
+	“fingerprint-identifier” to /usr/local/bin/,</P>
+	<LI><P CLASS="western">“fingerprint-suid”, “fingerprint-helper”
+	and “fingerprint-plugin” to /usr/local/lib/fingerprint-gui/,</P>
+	<LI><P CLASS="western">A “Fingerprint GUI” entry in the “System
+	Settings” menu,</P>
+	<LI><P CLASS="western">The plugin “pam_fingerprint-gui.so” to
+	/lib/security/ (/lib64/security/ in Fedora 64bit),</P>
+	<LI><P CLASS="western">In case of a detected device from UPEK Inc.
+	or SGS Thomson your choice of “Yes” to the appropriate prompt
+	the library “libbsapi.so” to “/usr/lib”, a configuration
+	file “upek.cfg” to “/etc”, an udev-rules file
+	“91-fingerprint-gui-upek.rules” to “/etc/udev/rules.d” and
+	create a directory “/var/upek_data”.</P>
+</UL>
+<OL>
+	<OL START=3>
+		<LI><H2 CLASS="western">Creating a “plugdev” group</H2>
+	</OL>
+</OL>
+<P CLASS="western">While installation <SPAN STYLE="background: transparent">the</SPAN>
+ “./install.sh” script will check your “/etc/group” file for
+the existence of a group named “plugdev”. If it doesn't exist
+you'll get a warning. In this case please create this group and make
+all desktop users being members of this group or make sure all users
+have r/w access to the fingerprint scanner device by a proper setup
+of your “udev” configuration.</P>
+<OL>
+	<OL START=4>
+		<LI><H2 CLASS="western">Uninstalling other Fingerprint Solutions</H2>
+	</OL>
+</OL>
+<P CLASS="western">Because fingerprint-gui can conflict with other
+fingerprint PAM modules these must be uninstalled. Please make sure
+there is no “libpam-fprint”, “libpam-fprintd” or
+”libpam-thinkfinger” installed.</P>
+<P CLASS="western"><U><B>IMPORTANT:</B></U> On Fedora 12 you need to
+<U>uninstall</U> “gdm-plugin-fingerprint” and disable the
+fingerprint authentication in “system | administration |
+authentication”.</P>
+<OL>
+	<OL START=5>
+		<LI><H2 CLASS="western">Special preparations for Lubuntu</H2>
+	</OL>
+</OL>
+<P CLASS="western">The default display manager (lxdm) of Lubuntu
+doesn't work with fingerprint login. Please install “gdm” and
+make it the default display manager. If you want to use the default
+screensaver (xscreensaver) of Lubuntu please change settings of file
+“/etc/pam.d/xscreensaver” instead of
+“/etc/pam.d/gnome-screensaver” below. The setup for an embedded 
+keyboard command is <U>not</U> required in this case.</P>
+<OL START=2>
+	<LI><H1 CLASS="western" STYLE="page-break-after: avoid"><FONT FACE="Arial, sans-serif">Acquiring
+	Fingerprints</FONT></H1>
+</OL>
+<P CLASS="western">Now you should be able to call “fingerprint-gui”
+from the command line or use the “Fingerprint GUI” entry in the
+“System Settings” menu. Acquiring fingerprints should be
+self-explanatory in the “fingerprint-gui” program. Your
+fingerprints are stored in a
+“/var/lib/fingerprint-gui/&lt;your_username&gt;/” directory,
+where only you have access to. If you give the “--debug” argument
+to “fingerprint-gui” a lot of debug output is given to syslog (or
+/var/log/auth.log).</P>
+<P CLASS="western">After some users have registered their
+fingerprints you can test the fingerprint identification by calling
+“fingerprint-identifier” <U>as root</U> (execute “sudo
+fingerprint.identifier –debug”). This application can identify
+your users and print their login names to stdout.</P>
+<OL START=3>
+	<LI><H1 CLASS="western" STYLE="page-break-after: avoid">Setting up
+	Fingerprint Authentication</H1>
+</OL>
+<P CLASS="western">You need root permissions to make changes to your
+PAM configuration. First of all make a copy of your
+“/etc/pam.d/common-auth” file and name it
+“/etc/pam.d/common-auth.fingerprint”. Edit this file like
+follows:</P>
+<UL>
+	<LI><P CLASS="western">insert a line <FONT FACE="Courier New, monospace"><FONT SIZE=2><SPAN STYLE="text-decoration: none">“auth
+	 sufficient  pam_fingerprint-gui.so  --debug”</SPAN></FONT></FONT>
+	<B>as the first </B><B>line</B>;</P>
+	<LI><P CLASS="western">find the line containing “pam_unix.so”
+	and add the argument “try_first_pass” to the call of
+	“pam_unix.so”;</P>
+</UL>
+<P CLASS="western">The distributions differ slightly with regard to
+the filenames and their contents:</P>
+<P CLASS="western"><U>Ubuntu 10.04 Desktop:</U></P>
+<P CLASS="western">“/etc/pam.d/common-auth.fingerprint” is a copy
+of “/etc/pam.d/common-auth”. The changed lines in question read:</P>
+<P CLASS="western" STYLE="text-decoration: none">“<FONT FACE="Courier New, monospace"><FONT SIZE=2>auth	sufficient	pam_fingerprint-gui.so	--debug”</FONT></FONT></P>
+<P CLASS="western" STYLE="text-decoration: none">“<FONT FACE="Courier New, monospace"><FONT SIZE=2>auth	[success=1
+default=ignore]	pam_unix.so	try_first_pass nullok_secure”</FONT></FONT></P>
+<P CLASS="western"><U>Fedora 12:</U></P>
+<P CLASS="western">“/etc/pam.d/common-auth.fingerprint” is a copy
+of “/etc/pam.d/system-auth-ac”. The changed lines in question
+read:</P>
+<P CLASS="western" STYLE="text-decoration: none">“<FONT FACE="Courier New, monospace"><FONT SIZE=2>auth	sufficient	pam_fingerprint-gui.so
+--debug”</FONT></FONT></P>
+<P CLASS="western" STYLE="text-decoration: none">“<FONT FACE="Courier New, monospace"><FONT SIZE=2>auth	sufficient	pam_unix.so
+nullok try_first_pass”</FONT></FONT></P>
+<P CLASS="western">If you're finished setting up your
+“common-auth.fingerprint” file you can setup the services for
+fingerprint authentication now. It is assumed you have at least one
+fingerprint registered for your user account and one for root. Also
+make sure there is set a password for root (sudo passwd root).</P>
+<P CLASS="western">The following settings will change the existing
+reference to “common-auth” (“system-auth” in Fedora) to the
+new “common-auth.fingerprint” for the PAM services.</P>
+<P CLASS="western"><U><B>IMPORTANT NOTE:</B></U><SPAN STYLE="text-decoration: none"><SPAN STYLE="font-weight: normal">
+The following settings can lock access to your system completely if
+</SPAN></SPAN><SPAN STYLE="text-decoration: none"><SPAN STYLE="font-weight: normal">something
+goes wrong. So please open a secure tty (ctrl-alt-F2) and login as
+root there. This way you're able to undo the changes made in
+“/etc/pam.d/”.</SPAN></SPAN></P>
+<OL>
+	<OL>
+		<LI><H2 CLASS="western">Configuring “su”</H2>
+	</OL>
+</OL>
+<P CLASS="western">Edit the file “/etc/pam.d/su” and change the
+line “@include common-auth” to “@include
+common-auth.fingerprint” (on Ubuntu) or “auth include
+system-auth” to “auth include common-auth.fingerprint” (on
+Fedora).</P>
+<OL>
+	<OL>
+		<P CLASS="western"><U>Ubuntu:</U></P>
+	</OL>
+</OL>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">...</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">#@include
+common-auth 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">@include
+common-auth.fingerprint 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">@include
+common-account 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">@include
+common-session 
+</P>
+<OL>
+	<OL>
+		<P CLASS="western" STYLE="margin-bottom: 0cm"></P>
+	</OL>
+</OL>
+<P CLASS="western" STYLE="margin-left: 1.25cm"><U>Fedora:</U></P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">...</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">#auth
+ required  pam_wheel.so  use_uid 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">auth
+ include  common-auth.fingerprint 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">#auth
+ include  system-auth 
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">account
+ sufficient  pam_succeed_if.so uid = 0  use_uid  quiet</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm">...
+</P>
+<P CLASS="western" STYLE="margin-left: 1.25cm; margin-bottom: 0cm"><BR>
+</P>
+<P CLASS="western">Then open a terminal window and call “su”. A
+password prompt should appear in the terminal <U><B>and</B></U><SPAN STYLE="text-decoration: none"><SPAN STYLE="font-weight: normal">
+the system should open a GUI widget requesting a finger swipe with
+the message “Authenticating </SPAN></SPAN><SPAN STYLE="text-decoration: none"><SPAN STYLE="font-weight: normal">root”
+in it's status bar. If you can become root by swiping the finger
+registered for root it works. You </SPAN></SPAN><SPAN STYLE="text-decoration: none"><SPAN STYLE="font-weight: normal">should
+also be able to become root by ignoring this GUI widget and typing
+root's password at the prompt.</SPAN></SPAN></P>
+<OL>
+	<OL START=2>
+		<LI><H2 CLASS="western">Configuring “login”</H2>
+	</OL>
+</OL>
+<P CLASS="western"><U><B>IMPORTANT:</B></U> On Fedora 12 SELinux
+denies access to the user's fingerprint data in
+“/var/lib/fingerprint-gui/...” while login. Currently I'm not
+able to setup a SELinux policy for fingerprint-gui. If you can be of
+assistance about this please contact me. If not, set your SELinux
+mode to “permissive” at least while testing login.</P>
+<P CLASS="western">Edit the file “/etc/pam.d/login” and change
+the line “@include common-auth” to “@include
+common-auth.fingerprint” (on Ubuntu) or “auth include
+system-auth” to “auth include common-auth.fingerprint” (on
+Fedora). Then change to a secure tty (e.g. ctrl-alt-F3), type the
+username and press enter. The password prompt should appear along
+with a message “Type your password or swipe your finger”. You
+should be able to login with a finger swipe and with typing the
+password as well.</P>
+<OL>
+	<OL START=3>
+		<LI><H2 CLASS="western">Configuring “sudo”</H2>
+	</OL>
+</OL>
+<P CLASS="western">Edit the file “/etc/pam.d/sudo” and change the
+line “@common-auth” to “@common-auth.fingerprint” (on Ubuntu)
+or “auth include system-auth” to “auth include
+common-auth.fingerprint” (on Fedora). Make sure your login name is
+in the sudoers file. Then open a terminal window and call “sudo
+gnome-terminal”. After swiping your finger the gnome-terminal
+should open with root permissions.</P>
+<OL>
+	<OL START=4>
+		<LI><H2 CLASS="western">Configuring “gdm”</H2>
+	</OL>
+</OL>
+<P CLASS="western">In order to be able to login into a desktop
+session you need to configure your gdm (probably with gdmsetup).
+Disable “autologin”, “timed login” and “userlist”. Use
+the command (this is one line!) to disable the userlist:</P>
+<P CLASS="western"><FONT FACE="Courier 10 Pitch"><FONT SIZE=2>sudo
+gconftool-2 --direct --config-source
+xml:readwrite:/etc/gconf/gconf.xml.defaults --type bool --set
+/apps/gdm/simple-greeter/disable_user_list true</FONT></FONT></P>
+<P CLASS="western">Then double check you have a root session on a
+secure tty open (for undoing the changes if something goes wrong). 
+</P>
+<P CLASS="western"><U>On Ubuntu</U> edit the file “/etc/pam.d/gdm”
+and change the line “@include common-auth” to “@include
+common-auth.fingerprint”.</P>
+<P CLASS="western"><U>On Kubuntu</U> edit the file “/etc/pam.d/kdm”
+and change the line “@include common-auth” to “@include
+common-auth.fingerprint” and move this line to the beginning of the
+file. Then start “System settings | Advanced&quot; and open the
+“Convenience” tab. Disable “Enable Auto-login” and “Focus
+password” and set “Previous” as the default user for login. You
+can then login with your fingerprint after pressing &lt;enter&gt; in
+the kdm greeter.</P>
+<P CLASS="western"><U>On Fedora</U> edit the file
+“/etc/pam.d/gdm-password” and change the line “auth substack
+system-auth” to “auth substack common-auth.fingerprint”. 
+</P>
+<P CLASS="western">If there is a line reading “auth  requisite 
+pam_nologin.so” <B>comment this line out or remove it</B>.  Now
+logout from your gnome session. The gdm greeter should show a login
+prompt <B>and</B> the GUI widget requesting a finger swipe below. You
+should be able to login with fingerprint and with name/password as
+well.</P>
+<OL>
+	<OL START=5>
+		<LI><H2 CLASS="western">Configuring “gnome-screensaver”</H2>
+	</OL>
+</OL>
+<P CLASS="western">Gnome-screensaver needs a plugin to display the
+fingerprint GUI widget to the user while unlocking. To start this
+plugin with the gnome-screensaver-dialog open the gconf-editor, find
+the “apps | gnome-screensaver” entry and <B>enable</B> the
+“embedded_keyboard_enabled” item. Then invoke the string
+“/usr/local/lib/fingerprint-gui/fingerprint-plugin -d” as the
+“/apps/gnome-screensaver/embedded_keyboard_command” and close
+gconf-editor. <B>This step needs to be taken by every user who wants
+to unlock his/her gnome-screensaver by fingerprint on that machine!</B></P>
+<P CLASS="western">Then edit the file “/etc/pam.d/gnome-screensaver”
+change the line “@include common-auth” to “@include
+common-auth.fingerprint” (on Ubuntu) or “auth include
+system-auth” to “auth include common-auth.fingerprint” (on
+Fedora). Double check you have a root session on a secure tty open
+(for undoing the changes if something goes wrong) before testing. You
+can now lock your screen and should be able to unlock it with a
+fingerswipe or with your password.</P>
+<P CLASS="western">For setting up the screensaver in Lubuntu please
+refer to “Special preparations for Lubuntu” above.</P>
+<OL START=4>
+	<LI><H1 CLASS="western" STYLE="page-break-after: avoid">Exporting
+	Fingerprint Data and Testing PAM Settings</H1>
+</OL>
+<P CLASS="western">With “fingerprint-gui” (“Settings” Tab)
+users can export their fingerprint data (bir files) and test the PAM
+settings of the current machine for proper setup for fingerprint
+authentication.</P>
+<P CLASS="western">With the  “Export now” button all data stored
+for this user (in /var/lib/fingerprint-gui/&lt;username&gt;/) are
+exported to a file “Fingerprints.tar.gz” in the user's home
+directory.</P>
+<P CLASS="western">To test for proper PAM settings the “Test”
+button can be used. First chose the PAM service to be tested then
+click the “Test” button. In case of proper settings the
+fingerprint-helper widget will appear and after a finger swipe the
+message “Authentication successful” will appear in the text field
+below. If nothing happens the PAM settings might be invalid. You can
+press &lt;enter&gt; to abort the test in this case.</P>
+<OL START=5>
+	<LI><H1 CLASS="western">Password Store</H1>
+</OL>
+<P CLASS="western">There are applications that need a password for
+encrypting or decrypting something on your system. Probably
+gnome-keyring is the most widespread of such applications. Also an
+<B>encrypted home directory</B> needs a password to decrypt when a
+user logs in. These applications sometimes get their key for
+decrypting (e.g. for the password safe) by querying the PAM session
+environment for the password given by the user at login. But when the
+user was logged in with a fingerprint there is no password stored in
+the PAM session environment. So the application will prompt the user
+for a password when needed (e.g. if a wireless WPA connection has to
+be established by the Gnome Network Manager or if you want to access
+your email account with Evolution) even if the user was logged in
+already.</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm"><SPAN STYLE="text-decoration: none"><B>Since
+version 0.11 of Fingerprint GUI there is a solution:</B></SPAN> You
+can use some removable media (USB stick) to save your (encrypted)
+password there. If the media is connected to your machine while you
+login with your fingerprint the “pam_fingerprint-gui.so” module
+can decrypt the password and send it to the PAM session environment. 
+</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm"><B>PLEASE READ
+CAREFULLY NOW AND USE THIS FEATURE ONLY IF YOU UNDESTAND HOW IT
+WORKS!</B></P>
+<P CLASS="western" STYLE="margin-top: 0.42cm">If you use the
+“Password” tab of “fingerprint-gui” you can chose a directory
+on some removable media, then type your login password twice and
+click the “Save” button. The removable media must be mounted and
+you must have write permission there. This is where “fingerprint-gui”
+creates a subdirectory “.fingerprints” and writes a file
+“&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+containing the encrypted password. The key for decrypting this
+password, the path for the “&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+file and the UUID of the removable media are saved in a file
+“/var/lib/fingerprint-gui/&lt;username&gt;/config.xml” (probably
+on your local HDD).</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm">When you login using
+your fingerprint the “pam_fingerprint-gui.so” module reads the
+“/var/lib/fingerprint-gui/&lt;username&gt;/config.xml” file,
+finds the “&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+file on the removable media (if it is connected and has the given
+UUID), mounts it, decrypts the password and saves it to the PAM
+session environment where gnome-keyring or other permitted
+applications can read it. This avoids your system asking for the
+password again. 
+</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm">In case of a
+fingerprint login to a session with an encrypted user home a message
+“!!!ERROR: FOUND ENCRYPTED HOMEDIR BUT NO PASSWORD!!!&quot; will
+appear in the gdm greeter and the login by fingerprint will fail,
+when the external media keeping the encrypted password could not be
+found.</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm"><B>PLEASE NOTE THE
+FOLLOWING RESTRICTIONS:</B></P>
+<UL>
+	<LI><P CLASS="western" STYLE="margin-top: 0.42cm">Do <U>not</U> use
+	this feature if someone other then you has root permissions on this
+	machine. This is because root can connect to the machine via telnet,
+	ssh or something like this, mount the external media, find the
+	“&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+	file, read the “/var/lib/fingerprint-gui/&lt;username&gt;/config.xml”
+	file and decrypt your password.</P>
+	<LI><P CLASS="western" STYLE="margin-top: 0.42cm">Do <U>not</U>
+	connect the removable media if it isn't needed. The
+	“pam_fingerprint-gui.so” module only needs it while login is in
+	progress. It mounts the partition with the given UUID containing the
+	“&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+	file and unmounts it immediately after it has read the file.</P>
+	<LI><P CLASS="western" STYLE="margin-top: 0.42cm">Do <U>never</U>
+	leave the removable media and the computer at the same location
+	unattended. Someone could copy both files and decrypt your password
+	later.</P>
+	<LI><P CLASS="western" STYLE="margin-top: 0.42cm">You don't need to
+	type your password any more so you can use a very long and strong
+	password now. But do <U>not</U> forget your password! You would not
+	be able to unlock your login-keyring any more if your removable
+	media gets lost or corrupted.</P>
+	<LI><P CLASS="western" STYLE="margin-top: 0.42cm">If you change your
+	login password on this machine you need to use “fingerprint-gui”
+	again and save the new password to the removable media.</P>
+</UL>
+<P CLASS="western" STYLE="margin-top: 0.42cm"><U>This is how I use
+this feature for myself:</U></P>
+<P CLASS="western" STYLE="margin-top: 0.42cm">My USB stick has 3
+partitions: One “vfat” (/dev/sdb1) to keep files to be
+transferred to other machines, one “luks_crypto” (/dev/sdb2)
+partition to keep my secret data and a very small (3MB) “ext2”
+(/dev/sdb3) partition to hold the “&lt;<A CLASS="western" HREF="mailto:username@machinename.xml">username&gt;@&lt;machinename&gt;.xml</A>”
+file. Corresponding entries in /etc/fstab ensure that the partitions
+sdb2 and sdb3 are not automatic mounted. Needless to say that I'm the
+only person who has root access to my notebook.</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm">While booting my
+notebook I connect the USB stick until I'm logged in with my
+fingerprint, then remove the stick immediately and reconnect it only
+(and only as long as needed!) if I want to copy something from or to
+it. Because I don't need to invoke my password any more I use a very
+strong and cryptic login password.</P>
+<OL START=6>
+	<LI><H1 CLASS="western">Troubleshooting</H1>
+	<OL>
+		<LI><H2 CLASS="western"><FONT FACE="Arial, sans-serif">Gdm Greeter
+		doesn't show the Fingerprint GUI Widget or needs a long time (up to
+		20 seconds) to show it</FONT></H2>
+	</OL>
+</OL>
+<P CLASS="western" STYLE="margin-top: 0.42cm">This behavior was seen
+on Fedora 12 with SELinux set to “enforcing”. Please set the
+system default of SELinux to “permissive” (or help me setting up
+SELinux rules that can be installed with Fingerprint GUI).</P>
+<OL>
+	<OL START=2>
+		<LI><H2 CLASS="western"><FONT FACE="Arial, sans-serif">Fingerprint-gui
+		Error “Could not open fingerprint device”</FONT></H2>
+	</OL>
+</OL>
+<P CLASS="western">On some systems the file
+“/etc/udev/rules.d/40-libfprint0.rules” (or something like this
+in “/lib/udev/rules.d”) installed by the “libfprint” package
+doesn't work properly. It should help to rename this file so it is
+invoked at a later time. In all known cases renaming it to
+“91-libfprint0.rules” solved the problem. <B>You should also make
+sure your fingerprint scanner hardware has an entry in this file</B>.</P>
+<OL>
+	<OL START=3>
+		<LI><H2 CLASS="western"><A NAME="DDE_LINK"></A><FONT FACE="Arial, sans-serif">Login
+		</FONT>on a secure tty hangs with “OK” Message</H2>
+	</OL>
+</OL>
+<P CLASS="western">If you try to login on a secure tty the prompt
+“Swipe your finger or type your password” appears. If you swipe
+the finger the message “OK” appears and then nothing happens. In
+this case the “uinput” device doesn't work. Make sure the
+“uinput” module is loaded (“lsmod | grep uinput”), the device
+exists in “/dev/input/uinput”, “/dev/misc/uinput” or
+“/dev/uinput” and you have write permission to it. On Ubuntu add
+a line “uinput” to the file “/etc/modules” and restart.</P>
+<OL>
+	<OL START=4>
+		<LI><H2 CLASS="western">You have a fingerprint device from UPEK/SGS
+		Thomson and get some <FONT FACE="Courier New, monospace"><FONT SIZE=2>“ABSOpen()
+		failed...”</FONT></FONT> error message in /var/log/auth.log</H2>
+	</OL>
+</OL>
+<P CLASS="western">This is probably a problem with the proprietary
+UPEK driver (libbsapi.so). Maybe your device needs the &quot;NVM
+emulation&quot;. Please have a look into this document:
+<BR><A CLASS="western" HREF="http://www.n-view.net/Appliance//fingerprint/BSAPIUsageonLinux.pdf">http://www.n-view.net/Appliance//fingerprint/BSAPIUsageonLinux.pdf</A>
+<BR>and try to setup the emulation for your device. 
+</P>
+<OL>
+	<OL START=5>
+		<LI><H2 CLASS="western"><A NAME="DDE_LINK2"></A><FONT FACE="Arial, sans-serif">P</FONT><FONT FACE="Arial, sans-serif">assword
+		can not be saved to removable media</FONT></H2>
+	</OL>
+</OL>
+<P CLASS="western">If you find an entry reading:</P>
+<P CLASS="western" STYLE="margin-top: 0.42cm"><FONT FACE="Courier New, monospace"><FONT SIZE=2>&quot;AES128-CBC
+not supported! Provider (libqca-ossl.so) not installed?&quot;</FONT></FONT></P>
+<P CLASS="western">in the log files, the plugin library for
+encryption is missing. Install the “libqca2-plugin-ossl” package
+(Ubuntu) or a similar encryption plugin.</P>
+<P CLASS="western">In other cases make sure the media is removable,
+contains a valid partition and is mounted with read/write permission.</P>
+<OL START=7>
+	<LI><H1 CLASS="western">Known Limitations</H1>
+	<OL>
+		<LI><H2 CLASS="western">Applications that don't use PAM for
+		prompting a password</H2>
+	</OL>
+</OL>
+<P CLASS="western">The normal way to use PAM for authentication is to
+let the PAM system prompt the user for a username and/or a password.
+PAM uses then a callback function of the calling application for
+prompting something in it's own style. If called back by PAM the
+application can decide how it wants to prompt for name or password;
+if not called back, PAM has performed the authentication in another
+way (fingerprint, smart card, iris scanner or whatever). Maybe they
+didn't understand that or had another reason not to use that
+mechanism, the developers of some applications decided to prompt for
+password or username <U>before</U> calling PAM. In this case the
+“pam_fingerprint-gui.so” plugin is called at a time where the
+password is already known by the PAM stack and therefore exits
+immediately. Fingerprint authentication is not possible then.</P>
+<OL>
+	<OL START=2>
+		<LI><H2 CLASS="western">Missing XAUTHORITY environment variable</H2>
+	</OL>
+</OL>
+<P CLASS="western">When calling PAM some applications don't have a
+XAUTHORITY variable in their environment. “pam_fingerprint-gui.so”
+tries hard to find the “MIT Magic Cookie” to be used to connect
+to the current display but in some cases it fails. I guess this is in
+several KDE applications the reason for not being able to show the
+fingerprint widget. Maybe I'll find some better solution in a later
+version.</P>
+<OL>
+	<OL START=3>
+		<LI><H2 CLASS="western" STYLE="page-break-after: avoid">Other <FONT FACE="Arial, sans-serif">Linux</FONT>
+		distributions</H2>
+	</OL>
+</OL>
+<H3 CLASS="western">Debian 4.0</H3>
+<P CLASS="western">I didn't find any way to install libfprint. There
+is neither a package available nor do the sources compile without
+errors. Didn't want to waste more time with it.</P>
+<H3 CLASS="western">SuSE 11.1 (gnome edition)</H3>
+<P CLASS="western">The gdm used in SuSE behaves totally strange. It
+doesn't allow to show the fingerprint widget. Maybe it's only some
+setting to be changed or the original source installation of gdm to
+be used. Neither found any useful documentation about it nor had the
+time to try a fresh compiled gdm from sources. I gave up!</P>
+<H3 CLASS="western">Slackware</H3>
+<P CLASS="western">Slackware might need someone who has enough spare
+time to make it “PAM aware”. Not me!</P>
+<P CLASS="western"><BR><BR>
+</P>
+<P CLASS="western"><B>So if you are interested to bring Fingerprint
+GUI to work on some other distributions first read the “Hacking”
+document of this project for hints about how it works. If you need
+further information about it contact me. If you managed to make it up
+and running write a HowTo and let me know.</B></P>
+<P CLASS="western"><BR><BR>
+</P>
+<P CLASS="western" STYLE="border-top: none; border-bottom: 1.00pt solid #000000; border-left: none; border-right: none; padding-top: 0cm; padding-bottom: 0.07cm; padding-left: 0cm; padding-right: 0cm">
+<B>Ubuntu and Fedora users should have no serious problems; so have
+fun with it!</B></P>
+<P CLASS="western"><BR><BR>
+</P>
+</BODY>
+</HTML>
\ No newline at end of file

diff --git a/sys-auth/fingerprint-gui/fingerprint-gui-1.00.ebuild b/sys-auth/fingerprint-gui/fingerprint-gui-1.00.ebuild
new file mode 100644
index 0000000..4fd6c06
--- /dev/null
+++ b/sys-auth/fingerprint-gui/fingerprint-gui-1.00.ebuild
@@ -0,0 +1,60 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+EAPI="3"
+
+inherit qt4-r2 versionator multilib
+#pam
+
+MY_PV=$(replace_version_separator 2 -)
+DESCRIPTION="Use Fingerprint Devices with Linux"
+HOMEPAGE="http://www.n-view.net/Appliance/fingerprint/"
+SRC_URI="http://www.n-view.net/Appliance/fingerprint/download/${PN}-${MY_PV}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~x86 ~amd64"
+IUSE="upekbsapi"
+
+DEPEND="
+	!sys-auth/pam_fprint
+	!sys-auth/fprintd
+	!sys-auth/thinkfinger
+	>=sys-auth/libfprint-0.1.0_pre2
+	x11-libs/libfakekey
+	>=app-crypt/qca-2.0.0
+	>=app-crypt/qca-ossl-2.0.0_beta3
+	sys-auth/upekbsapi-bin[headers]
+	x11-libs/qt-core:4
+	x11-libs/qt-gui:4
+"
+RDEPEND="${DEPEND}"
+
+S="${WORKDIR}/${PN}-${MY_PV}"
+
+src_configure() {
+	eqmake4 \
+		PREFIX="$EROOT/usr" \
+		LIB="$(get_libdir)" \
+		LIBEXEC=libexec \
+		LIBPOLKIT_QT=LIBPOLKIT_QT_1_1 || die "qmake4 failed"
+}
+
+src_install() {
+	emake INSTALL_ROOT="${D}" DESTDIR="${D}" install || die "emake install failed"
+	domenu bin/fingerprint-gui/fingerprint-gui.desktop
+	dodoc CHANGELOG README IMPORTANT-UPGRADE-INFORMATION.txt \
+		"${FILESDIR}/Install-step-by-step.html"
+}
+
+pkg_postinst() {
+	elog "1) You may want to add the followingline to the first of /etc/pam.d/system-auth"
+	elog "   auth        sufficient  pam_fingerprint-gui.so"
+	elog "2) You must be in the plugdev group to use fingerprint"
+	if use upekbsapi; then
+		elog "3) You select to install upeks bsapi library, it's not open-sourced."
+		elog "   Use it in your own risk."
+	fi
+	elog "*) Please see /usr/share/doc/${P}/Install-step-by-step.* to configure your device"
+}

diff --git a/sys-auth/fingerprint-gui/metadata.xml b/sys-auth/fingerprint-gui/metadata.xml
new file mode 100644
index 0000000..c3bb234
--- /dev/null
+++ b/sys-auth/fingerprint-gui/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer>
+		<email>alexxy@gentoo.org</email>
+		<name>Alexey Shvetsov</name>
+	</maintainer>
+	<use>
+		<flag name='upekbsapi'>Use upek binary drivers</flag>
+	</use>
+</pkgmetadata>