Ubuntu Lucid: Enable fingerprint authentication on Lenovo T60

I configured fingerprint authentication on my Lenovo T60, here's the procedure.

NOTE: This is supposed to work with any compatible fingerprint hardware not just T60.

NOTE2:under some circumstances fprint stops responding, so this is not stable enough for production purposes.

Here's how:

1. Install fprint-demo (sudo apt-get install fprint-demo)
2. Run the fprint-demo application and configure the fingers you want to use to log in.
   TIP: make sure to verify the fingerprint before leaving this application, otherwise, you may not be able to use it for authentication
3. sudo gedit /etc/pam.d/common-auth 
4.  Add this line to the file: auth sufficient pam_fprint.so. 

NOTE: The changes on this file apply inmediately, this means, if you screw things up, and even lock your computer, you may not be able lo log in back again. Just in case, have a live cd available. Log in using the live cd, mount the ext partition and edit this file manually, this will get you back in. At least this worked for me ;-)


Here's how my file looks like: 

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.
auth sufficient pam_fprint.so
# here are the per-package modules (the "Primary" block)pam.d
auth    [success=2 default=ignore]    pam_unix.so nullok_secure
auth    [success=1 default=ignore]    pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
# here's the fallback if no module succeeds
auth    requisite            pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config
#auth required pam_unix.so nullok_secure
After these steps, try locking your session, when unlocking you will be prompted for a fingerprint, if you fail to provide the correct fingerprint, the system will failover to ask a password.