CN104361275A - Method for managing login of root user of Linux system - Google Patents
Method for managing login of root user of Linux system Download PDFInfo
- Publication number
- CN104361275A CN104361275A CN201410638785.5A CN201410638785A CN104361275A CN 104361275 A CN104361275 A CN 104361275A CN 201410638785 A CN201410638785 A CN 201410638785A CN 104361275 A CN104361275 A CN 104361275A
- Authority
- CN
- China
- Prior art keywords
- authentication module
- identification device
- fingerprint identification
- fingerprint
- linux
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Image Input (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention provides a method for managing the login of a root user of a Linux system and belongs to the field of computer security. The method comprises (1) a hot-pluggable authentication module library under Linux, (2) an association library for a fingerprint recognition device and an authentication module and (3) a fingerprint password file and a configuration file. The fingerprint recognition device is uploaded at a remote client or a server of the Linux locally, and fingerprint verification is necessarily adopted during the login of the root user, so that the security of a password of the root user is improved and the login process is simplified.
Description
Technical field
The present invention relates to computer safety field, specifically a kind of method utilizing fingerprint identification device login and management Linux root user to log in.
Background technology
In current IT environment, any computer system all will take into full account the security in design, use and operational process.So both increase function and the characteristic of a lot of secure context in the middle of the links of current mainstream operation system, and have in numerous security features and function considerable technology be guarantee user differentiate with authentication in security.
So-called user differentiates, is exactly user submits oneself in a secure manner to proof of identification to system, then by the process whether identity of system validation user is true.The password that the most frequently used mode of safety certification is comparison user input and is pre-stored in database.
This wherein, the password of Linux root user is especially crucial.Root user is power user, can install, delete, mobile arbitrary data and application, once be broken, hacker can grasp the highest weight limit of linux system, and data will have no safe can saying.Usually adopted the mode of strong cipher to carry out root user login, but the flow process of password login mode is known on the one hand, is easily broken, strong cipher is not easily remembered on the other hand, uses inconvenience in the past.
Summary of the invention
The invention provides a kind of method utilizing fingerprint identification device login and management Linux root user to log in, compare common strong cipher and log in, not only enhance security, and more convenient.
The present invention proposes a kind of new method managing linux system root user and log in.This invention, by loading fingerprint identification device at Linux Terminal Server Client or server this locality, makes root user log in and must adopt fingerprint authentication, thus the security of enhancing root user cipher, simplify login process simultaneously.
The method and apparatus of introduction of the present invention comprises: hot swappable authentication module storehouse under (1) Linux; (2) correlation database of fingerprint identification device and authentication module; (3) finger-print cipher file and configuration file.
Under Linux, hot swappable authentication module storehouse is inserted new authentication module in the application or replaces original assembly, application programs need not make any amendment simultaneously, thus make the customization of software, maintenance and upgrading lighter.Because certification and relatively independent between authentication scheme and application program.So application program can use various identification function easily by API and need not understand too many low-level details.
Namely the correlation database of fingerprint identification device and authentication module is the module needing to add in hot plug authentication module storehouse, for replacing original cipher authentication module.This storehouse can be read finger-print cipher file that fingerprint identification device recognizes and be compared with the root user cryptogram by certification.
Finger-print cipher file is transformed to fingerprint by fingerprint identification device.Configuration file is coordinated to manage its deposit position and comparison and encryption method.
Among three, hot swappable authentication module storehouse comparative maturity, directly can adopt the PAM(Pluggable Authentication Module under Linux), application program can be led to various identification function that PAM API uses PAM to provide easily and need not be understood too many low-level details.In addition the ease for use of PAM is also comparatively strong, is mainly manifested in it shields discriminating and certification detail to upper strata, so user need not be forced to learn various identification method, also need not remembers multiple password; Again owing to it achieving the integration problem differentiating authentication mechanism, so single program can integrated multiple authentication scheme easily more.
By developing the correlation database (.so file) of fingerprint identification device and authentication module, fingerprint identification device is associated with authentication module.After confirming fingerprint, user and purview certification is carried out by PAM in fingerprint identification device identification, and open system access.
Utilize fingerprint identification device to log in and the login of management Linux root user, the security of enhancing root user cipher, simplifies login process simultaneously; Enhance security, and more convenient.
Accompanying drawing explanation
Fig. 1 is the Method And Principle figure of the login linux system root user based on fingerprint recognition.
Embodiment
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing the present invention being done and describing in detail further.
The method and apparatus of introduction of the present invention comprises: hot swappable authentication module storehouse under (1) Linux; (2) correlation database of fingerprint identification device and authentication module; (3) finger-print cipher file and configuration file
Among three, hot swappable authentication module storehouse comparative maturity, directly can adopt the PAM(Pluggable Authentication Module under Linux), application program can be led to various identification function that PAM API uses PAM to provide easily and need not be understood too many low-level details.In addition the ease for use of PAM is also comparatively strong, is mainly manifested in it shields discriminating and certification detail to upper strata, so user need not be forced to learn various identification method, also need not remembers multiple password; Again owing to it achieving the integration problem differentiating authentication mechanism, so single program can integrated multiple authentication scheme easily more.
First adopt the fingerprint identification device of ripe support Linux (requiring existing under linux driving), according to the operation instruction of this device, carry out the configuration of finger-print cipher file, specify it to deposit path, cipher mode etc.
Hot swappable authentication module (being PAM here) can call the correlation database of fingerprint identification device and PAM afterwards, this correlation database can the file fingerprint that just generated of comparison and before by the cryptogram of the root user of certification, if passed through, then PAM can access linux system and user, completes login.
Claims (4)
1. manage a linux system root user login method, it is characterized in that comprising:
(1) hot swappable authentication module storehouse under Linux;
(2) correlation database of fingerprint identification device and authentication module;
(3) finger-print cipher file and configuration file;
By developing the correlation database of fingerprint identification device and authentication module, fingerprint identification device is associated with authentication module; After confirming fingerprint, user and purview certification is carried out by PAM in fingerprint identification device identification, and open system access.
2. method according to claim 1, it is characterized in that hot swappable authentication module storehouse is inserted new authentication module in the application or replaces original assembly under Linux, application programs need not make any amendment simultaneously, thus make the customization of software, maintenance and upgrading lighter.
3. method according to claim 1, is characterized in that namely the correlation database of fingerprint identification device and authentication module is the module that needs add in hot plug authentication module storehouse, for replacing original cipher authentication module; This storehouse can be read finger-print cipher file that fingerprint identification device recognizes and be compared with the root user cryptogram by certification.
4. method according to claim 1, is characterized in that finger-print cipher file is transformed to fingerprint by fingerprint identification device; Configuration file is coordinated to manage its deposit position and comparison and encryption method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410638785.5A CN104361275A (en) | 2014-11-13 | 2014-11-13 | Method for managing login of root user of Linux system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410638785.5A CN104361275A (en) | 2014-11-13 | 2014-11-13 | Method for managing login of root user of Linux system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104361275A true CN104361275A (en) | 2015-02-18 |
Family
ID=52528534
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410638785.5A Pending CN104361275A (en) | 2014-11-13 | 2014-11-13 | Method for managing login of root user of Linux system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104361275A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105975831A (en) * | 2016-05-05 | 2016-09-28 | 北京元心科技有限公司 | Method and system for providing unified identity recognition |
CN113495792A (en) * | 2020-03-20 | 2021-10-12 | 中标软件有限公司 | Method for realizing adaptation interface of operating system to fingerprint equipment |
CN115085968A (en) * | 2022-04-29 | 2022-09-20 | 麒麟软件有限公司 | Login authentication method based on custom tag under Linux |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130254840A1 (en) * | 2012-03-26 | 2013-09-26 | International Business Machines Corporation | Providing multiple authentications to authenticate users with respect to a system and file systems offerred through the system |
CN103745157A (en) * | 2014-01-11 | 2014-04-23 | 浪潮电子信息产业股份有限公司 | System right separation method based on pam module |
-
2014
- 2014-11-13 CN CN201410638785.5A patent/CN104361275A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130254840A1 (en) * | 2012-03-26 | 2013-09-26 | International Business Machines Corporation | Providing multiple authentications to authenticate users with respect to a system and file systems offerred through the system |
CN103745157A (en) * | 2014-01-11 | 2014-04-23 | 浪潮电子信息产业股份有限公司 | System right separation method based on pam module |
Non-Patent Citations (1)
Title |
---|
吴晓彬,周超: "Linux-PAM的分析与应用", 《信息化研究》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105975831A (en) * | 2016-05-05 | 2016-09-28 | 北京元心科技有限公司 | Method and system for providing unified identity recognition |
CN113495792A (en) * | 2020-03-20 | 2021-10-12 | 中标软件有限公司 | Method for realizing adaptation interface of operating system to fingerprint equipment |
CN113495792B (en) * | 2020-03-20 | 2024-06-18 | 中标软件有限公司 | Implementation method of adapting interface of operating system to fingerprint equipment |
CN115085968A (en) * | 2022-04-29 | 2022-09-20 | 麒麟软件有限公司 | Login authentication method based on custom tag under Linux |
CN115085968B (en) * | 2022-04-29 | 2023-08-04 | 麒麟软件有限公司 | Login authentication method based on custom tag under Linux |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11438169B2 (en) | Time-bound secure access | |
US11295302B2 (en) | Network system and method for transferring cryptocurrencies between a user account and a receiving account | |
US9124582B2 (en) | Mobile security fob | |
EP3211825B1 (en) | Trusted terminal verification method and apparatus | |
CN104869099A (en) | Multi-network-account login method and system based on fingerprint account | |
US10783338B2 (en) | Integrated access control system | |
CN105184179A (en) | Embedded encrypted mobile storage device and operation method thereof | |
US8955068B1 (en) | Systems and methods for providing strong authentication for web-based applications | |
US9569610B2 (en) | Managing a password | |
CN105243314A (en) | USB-key based security system and usage method therefor | |
CN103024706A (en) | Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication | |
CN109409041A (en) | A kind of server-side safety certifying method and system based on the application of more certificates | |
CN104361275A (en) | Method for managing login of root user of Linux system | |
US20190188934A1 (en) | Low-Power Wireless for Access Control | |
KR20230142505A (en) | URL-based authentication for payment cards | |
US20230289801A1 (en) | Systems and methods for authentication of access tokens | |
CN109561428B (en) | Remote authentication method, device, equipment and storage medium thereof | |
US20220295280A1 (en) | Online validation service secures access to devices connected wirelessly to a secure secondary intelligent router module, which is connected via a wireless connection to a Primary Wired/Wireless Router/Modem | |
CN110874455A (en) | Authorization management method and system | |
CN203206256U (en) | A mobile storage device | |
CN104113417A (en) | Dynamic password identity authentication method and system based on near field communication (NFC) | |
CN103490874A (en) | Safety information interaction system, method, device and server | |
KR101329788B1 (en) | SSO Method Based on Server In Mobile Environment | |
CN101799854A (en) | Control device based on handwriting encryption and implementation method thereof | |
CN108701181B (en) | Method and system for protected communication between a mobile unit coupled to a smartphone and a server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150218 |
|
WD01 | Invention patent application deemed withdrawn after publication |