[Tutorial] Installing Howdy: Now it's personal

After a long time and thanks to trial and error I managed to get Howdy working on EndeavourOS and you can too!

Step 1: Howdy AUR.
Just install the Howdy’s AUR package the way you want, in my case I install it with pamac.

Step 2: Identify which is your login manager.
In my case I use KDE so I have Sddm, but in your case you may use LightDM, xcreenaver, sudo, etc.

Step 3: Pam.py files.
The next step and the most confusing is the Pam files, on the github page it says that you should follow Howdy’s Arch page where it says to modify any Pam configuration file, really what is meant here is that you must modify exactly the Pam.py file that you need in your particular case.

How do I know which one to modify?
For that has been step 2! in my case it is /etc/pam.d/sddm because I use Sddm, but in your case it can be:

• LightDM: /etc/pam.d/lightdm

• Sddm: /etc/pam.d/sddm

• Sudo: /etc/pam.d/sudo

• xscreenaver: /etc/pam.d/xscreensaver

Use your favorite editor to add the line of code auth sufficient pam_python.so /lib/security/howdy/pam.py just below the first line of code which is usually #%PAM-1.0 but it can vary, its not important for what we want.

We also need to add auth sufficient pam_unix.so try_first_pass likeauth nullok In order to use either a password or a face, this line must be on top of the file.

In my case I have used Kate and it has turned out like this:

#%PAM-1.0

auth        sufficient  pam_unix.so try_first_pass likeauth nullok
auth        sufficient  pam_python.so /lib/security/howdy/pam.py
auth		include		system-login
-auth		optional	pam_gnome_keyring.so
-auth   optional  pam_kwallet5.so

account		include		system-login

password	include		system-login
-password	optional	pam_gnome_keyring.so use_authtok

session		optional	pam_keyinit.so force revoke
session		include		system-login
-session		optional	pam_gnome_keyring.so auto_start
-session  optional  pam_kwallet5.so auto_start

//////////////
From this moment on, the steps are simply to follow the Arch page since the worst is over, but I will continue explaining so that you do not get lost in any case.
//////////////

Step 4: Find your IR sensors.
This is what will be used to detect your face, it can be just the normal camera, the specific light/depth sensors or even both, it all depends on your hardware.

The sensor can be identified by several programs, the ones recommended in the Arch guide are Cheese, fswebcam and v4l-utils, in my case trying each one I saw that by default I have the latest one installed so its the one I will use.

When opening the command terminal I entered v4l2-ctl --list-devices getting the following output:

USB2.0 HD UVC WebCam: USB2.0 HD (usb-0000:0b:00.0-1):
        /dev/video0
        /dev/video1
        /dev/video2
        /dev/video3
        /dev/media0
        /dev/media1

Now you will say, and what does all this mean? good question, the answer is that everything varies, there is no sensor that is always correct because we all have different hardware, so it will be trial and error, I can only tell you that normally one of the first lists is usually the correct one.

For now save all the result because it will be needed in the next step

Step 5: Trial and error to add the correct IR sensor
Now we have to tell Howdy what sensor we want it to use, this part is fun but if you have a lot of sensors maybe it wouldn’t be so much.

We have to open the howdy configuration file with the editor we want, we will find it in the following path: /lib/security/howdy/config.ini
(I recommend to run the command sudo howdy config to get in easier)

Inside we will find many options that we can configure to our liking, I recommend you take a look at it later.

We will look for the line of code that contains the following: device_path = null and we will change “null” for each of the /dev/videoX that we have previously found.

In my case /dev/video1 activates the camera and /dev/video2 activates the sensors, so I decided to use video2. It should look like this:

# The path of the device to capture frames from
# Should be set automatically by an installer if your distro has one
device_path = /dev/video2

Save the changes, it will probably ask you for your password.

Step 6: How can I know what each sensor does?
This step goes along with the previous one of trial and error, what we will do is use a tool that Howdy gives us to test that everything works well, in this way we will test the various /dev/videoX that we have.

We have to go to the command terminal and type sudo howdy test

After writing our password, a tab opens that shows what Howdy will see when it tries to unlock your device, if it doesn’t show anything, you will have to change the path to another from the list, good luck with that.

Note: the tab is closed by pressing ctrl+C in the command terminal.

As I said before, I discovered that /dev/video2 triggered my device’s sensors.

Howdy test770×585 148 KB

Step 7: Add your beautiful face.
Just run sudo howdy add in the command terminal, enter your password, type a name for the face model you are going to register and remember to look at the camera saying cheese!!

CONGRATULATIONS

Now you can use Howdy to log in, remember to check the configuration file because you can make the program take photos of people who fail to log in.

To use Howdy simply try to log in leaving the password field blank.

TIPS

1. If you use KDE, you most likely have “KDE lock screen” that behaves differently from the login manager, so to use Howdy every time you lock the session you must run the following command: sudo chmod -R 755 /lib/security/howdy and reboot.

2. THIS IS NOT RECOMMENDED IN SECURITY TERMS (But it is your GNU/Linux system and you can customize it however you want).
   You can activate howdy whenever root permissions are needed, for example when updating system/applications or typing sudo in the command terminal (su is not included).
   To do this we must put the same lines of code as in step 3>
   (auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_python.so /lib/security/howdy/pam.py)
   in the same way but in the file /etc/pam.d/system-auth.

3. Make sure you have the howdy config file with capture_successful = false because we don’t want to fill a folder with photos every time we log in… maybe you do want to but… I’ll leave it to your choice.

I deserve a and you know it, if this has helped or interested you, like this post!

Nice tutorial. Small suggestion. Change the title and include [Tutorial] at the start. So everyone knows to use this as a guide.

Ex: [Tutorial] Installing Howdy: Now it’s personal

Thanks for your suggestion! Its done

I was supposed to post first in this thread, or at least be the first to give heart.

Webcam stuff doesn’t interest me though, it’s more convenient for me to hide.

Good luck hiding in the shadows!

Thx! It was a commission to an artist of whom I am very happy with the result.

I tried following your tutorial just for fun to try howdy out and everything went great! Thanks very much.

Added some tips at the end of the post that I forgot to comment. Howdy y’all!

Have this installed, and went through your very good tutorial, but it is not starting when I starting the computer…
Going to check the steps a bit better, I probably forgot something

What DE and login manager do you have?

I have sddm, so I did what you did.

My mistake was to log in with password, didn’t try without a password

So everything is perfect, nice!

I haven’t tried that yet, still using the computer Will check when I come back home after today.

Edit:
OK, This is pretty sweet. It took a second, but it did log me in, and that is pretty awesome.

Just an FYI, if you install howdy-beta-git instead of howdy (from the AUR), it doesn’t pull in python2 and saves quite a bit of compiling time.

Awesome, thanks for letting us know!

Which file I have to configure in the /etc/pam.d/ folder if I use gdm for login?

I think it’s /etc/pam.d/gdm-password but I haven’t tried yet.

I just added a line of code to the tutorial to authenticate with password or face (not just face as it behaved before) and a command that makes it easier to edit Howdy settings.

All of the above was explained on the Howdy’s Arch page but I wanted to specify so that the tutorial was sufficient for it to work as expected.

Hi Pikaloid,
thanks for your help with this tutorial. I want to give my lernaings to this topic for the pam modules.
After reading into the pam authentication

• Die Pforten zur Linux-Maschine: Pluggable Authentication Modules (Seite 2)
• Pam Notes

Entering the terminal

• is then automatic
• to sddm visual login starts after pressing [Enter] PW field.

I changed my “/etc/pam.d/system-auth” to this.

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth      [success=3 default=ignore]  pam_systemd_home.so
auth       [success=2 default=ignore]  pam_python.so        /lib/security/howdy/pam.py
auth       [success=1 default=bad]     pam_unix.so          try_first_pass likeauth nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
...
...

Because:
Includes of pam.d files goes as follows for sddm
sddm → system-login → system-auth
or terminal
login → system-local-login → system-login → system-auth

Why I did this: Whith the “sufficent” control word only this authentication must be completed to finish the pam.d script and runs over the rest of the authentications invoked. So that also 3 times the wrong face will block the user as well for some time to login.