wiki:Linux/Ubuntu/BluetoothLoginAndLocking

Bluetooth Login and Locking

Sometimes the simplest stuff has the ability to amaze and bring a big grin to my face, and this is a case in point. I've been doing some research for a project to develop an Accessible keyboard for mobile phones - something to help people who have problems with the ridiculously small keys on most up-to-date phones. As part of that I was investigating how to control Sony Ericsson phones and was using a Bluetooth rfcomm serial link from the PC to send AT commands.

That led me to searching for some bluetooth tools and I discovered two absolute winners. The first is a Gnome applet called  BlueProximity that automatically locks and unlocks the system based on how far away a Bluetooth device is. The second is a bluetooth Pluggable Authentication Module (PAM) for authentication based on the presence of a Bluetooth device.

The result of using both is that I can now log-in and automatically have the screen lock/unlock (and run other commands) based on the presence of my mobile phone. Seeing as it is usually in my pocket this means if I walk away from the PC I don't need to remember to manually lock the screen.

Install

Install the packages:

sudo apt-get install libpam-blue blueproximity

Prepare the Bluetooth Device

Switch the Bluetooth device on and pair it with the PC. Both the device and Gnome Bluetooth Applet should prompt for a PIN and then pair themselves.

Obtain the Bluetooth Device Media Access Control (MAC)

At a terminal discover the Bluetooth device's MAC:

$ hcitool scan
Scanning ...
	00:04:76:BB:24:03	deskjet 995c
	00:18:13:9E:E0:DF	Phone

Configure pam-blue

Add pam-blue to the list of PAM modules Gnome Display Manager (GDM) consults for authentication when a username has been typed:

$ sudo sed -i 's/^\(@include common-auth\)$/auth\tsufficient\tpam_blue.so\n\1/' /etc/pam.d/gdm

I'm using "Phone" as the authentication device so its MAC needs adding to the configuration file for pam-blue. The default file needs removing since it contains a set of unwanted active definitions. I'm setting this up for the user 'tj'. I could set up more users, or set up a group by prefixing the group name with @:

$ sudo mv /etc/security/bluesscan.conf /etc/security/bluesscan.conf.example
$ cat <<EOF >/tmp/bluesscan.conf
general {
  timeout = 3;
}
tj = {
  name = Phone;
  bluemac = 00:18:13:9E:E0:DF;
  timeout = 5;
}
EOF
$ sudo mv /tmp/bluesscan.conf /etc/security/bluesscan.conf

That's it. Now, when the user "tj" logs in pam-blue will spend up to 5 seconds scanning for the Bluetooth MAC defined in the configuration file. If it discovers it, the user will be logged in without having to type a password. If the device isn't present the user can type a password.

Configure BlueProximity

Start BlueProximity

From the Applications menu choose Accessories > BlueProximity. You'll see a new icon in the notification area of the Gnome panel. Press the right button of the mouse whilst the cursor is over the icon and the Preferences dialog will appear. On the Bluetooth Device tab scan for devices, highlight the authentication device, and press the Use selected device button.

Note: Make sure some other application doesn't currently have an open connection to the device or else BlueProximity might not be able to connect. I found Gnome Phone Manager was preventing BlueProximity from scanning for an RFCOMM channel.

The default settings on the Proximity Details and Locking tabs are suitable in most cases but you might want to play around with them. On the Proximity Details tab the slider at the bottom that is grayed out is automatically updated to show the distance between the PC and device. Take the device a few meters away and the value will increase from around zero (assuming the device is currently next to the PC) to some higher value.

Note: Whilst the Preferences dialog is open locking won't work - hovering the mouse over the notification icon will show BlueProximity is in Simulation mode.

The commands on the Locking page could be edited to run multiple programs or to call a shell script that would run several programs. Some people have commands to set their online status in Pidgin (aka GAIM) to away, pause the media player, and several other useful tasks.

Configure Gnome Screensaver

BlueProximity won't do anything if the screensaver isn't configured to lock the screen. From the System menu choose Preferences > Screensaver. ensure that both "Activate screensaver when computer is idle" and "Lock screen when screensaver is active" are enabled.

Start In Every Session

For this to be effective the applet should be started every time the user logs in. From the System menu choose Preferences > Sessions. On the Startup Programs tab press the Add button then add the details:

Name:    BlueProximity
Command: /usr/bin/blueproximity
Comment: Lock/Unlock based on bluetooth device

Press the OK button and the Close.

Problems

One side-effect of using pam-blue for authentication is that the Gnome login key-ring isn't unlocked automatically at log-in because the user hasn't typed in the password. It means that programs like Evolution email will cause a dialog to pop-up asking for the master key-ring password.

Conclusion

With the addition of these two simple programs the experience of using the PC seems much more impressive - it certainly has that wow factor amongst friends.