Gaopeng : > Project Overview: > ----------------- > The biometrics technology grows fast. Fingerprint authentication is > widely used in many situations. It's a valuable feature to support > fingerprint in Solaris. This project is going to provide a complete and > extendible solution to support fingerprint in Solaris.
I think you mean "extensible". I agree that if this is an extensible solution, we shouldn't be using strings like "fpr" or other strings that are fingerprint reader specific with the solution. > Project Description: > -------------------- > Since the fingerprint devices have not standard class specifications and > USB is the most popular I/O interface. We plan to support varied USB > fingerprint readers by presenting a user-land driver framework(libfpr) > based on libusb. A PAM module(pam_fpr) is presented to support dual-mode > (user-passwd and fingerprint) authentication. The fingerprint management > tool(fprmgmt) will be delivered, and gdm/login will be updated to > support dual-mode login. The architecture is as the following, I think that the dual-mode login idea is a good one, but what happens in a situation where I want a more complicated PAM setup. For example, what about where I want smart card, fingerprint reader, and password to all work. Is this framework extensible enough to allow such setups? What if I have two dual-mode PAM modules. One for fingerprint reader and user-password and a second dual-mode PAM module for smartcard reader and user-password. Would things get a little ugly if I tried to use them both together? > gdm/login xscreensaver ... fprmgmt ==> PAM services and tool > | | | | > ---------------------------------- > | > PAM > | > pam_fpr ==> fingerprint auth/tok module > | > fpr_modules----> libfpr ==> userland fingerprint drivers > | > libusb > > 1) libfpr is a library of fingerprint reader drivers based on libusb. It > provides a set of functions to let upper level applications operate the > fingerprint devices. And it provides another set of interfaces for > advanced users, who can developed a module for a customized fingerprint > device. The module can be loaded and integrated as a part of libfpr. > > 2) pam_fpr is a pluggable module for PAM stack as well as an application > based on libfpr. It implements pam_sm_authenticate() and > pam_sm_chauthtok() to make it possible to enroll or identify with > fingerprint. To support dual-mode (user-passwd and fingerprint) > authentication, the architecture of pam_fpr is designed with multiple > threads. Users can login by either user-passwd or fingerprint with > dual-mode. > > 3) fprmgmt is tool to manage the fingerprint records. Users can register > or un-register their fingerprint by it. A GUI will be wrapped to make it > nice-looking and friendly to users. gdm is selected as the default login > GUI. > > > Project Target: > --------------- > 1) First step, this project focuses on the support of desktop systems. > It stores and manages the fingerprint records in local system. > 2) Second step, NIS, NIS+, LDAP and SunRay support will be considered. > > > Communities of interest: > ----------------------- > Device Drivers > Security > Desktop > > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
