CN104361275A - Method for managing login of root user of Linux system - Google Patents

Publication number
CN104361275A
Authority
CN
China
Prior art keywords
authentication module
identification device
fingerprint identification
fingerprint
linux
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410638785.5A
Other languages
Chinese (zh)
Inventor
王渭巍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN201410638785.5A
Publication of CN104361275A

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Image Input (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention provides a method for managing the login of the root user of a Linux system and belongs to the field of computer security. The method comprises (1) a hot-pluggable authentication module library under Linux, (2) an association library linking a fingerprint recognition device to the authentication module, and (3) a fingerprint password file and a configuration file. The fingerprint recognition device is attached at the Linux remote client or locally at the server, and root login must use fingerprint verification, so that the security of the root user's password is improved and the login process is simplified.

Description

Method for managing login of the root user of a Linux system
Technical field
The present invention relates to the field of computer security, and specifically to a method that uses a fingerprint identification device to log in as, and to manage the login of, the Linux root user.
Background
In the current IT environment, every computer system must take security fully into account in its design, use and operation. Mainstream operating systems have therefore added many security functions and features at every level, and a considerable share of that technology exists to secure user identification and authentication.
User identification is the process in which a user securely submits proof of identity to the system and the system then confirms whether that identity is genuine. The most common form of security authentication compares the password the user enters with one stored in advance in a database.
Here the password of the Linux root user is especially critical. The root user is the superuser and can install, delete and move any data or application; once the account is broken, a hacker holds the highest privileges on the Linux system and the data has no security to speak of. Root login has usually relied on a strong password, but on the one hand the password login flow is well known and easily broken, and on the other hand a strong password is hard to remember and inconvenient to use.
Summary of the invention
The invention provides a method that uses a fingerprint identification device to log in as, and to manage the login of, the Linux root user. Compared with an ordinary strong-password login, it is both more secure and more convenient.
The invention proposes a new method of managing root login on a Linux system. By attaching a fingerprint identification device at the Linux remote client or locally at the server, it makes fingerprint verification mandatory for root login, which strengthens the security of the root user's password while simplifying the login process.
The method and apparatus described comprise: (1) a hot-pluggable authentication module library under Linux; (2) an association library linking the fingerprint identification device to the authentication module; (3) a fingerprint password file and a configuration file.
The hot-pluggable authentication module library under Linux lets a new authentication module be inserted into an application, or an existing component be replaced, without any modification to the application, which makes the software easier to customize, maintain and upgrade. Because the authentication mechanism is relatively independent of the application, the application can use the various authentication functions through an API without having to understand many low-level details.
The association library linking the fingerprint identification device to the authentication module is the module that must be added to the hot-pluggable authentication module library to replace the original password authentication module. This library reads the fingerprint password file recognized by the fingerprint identification device and compares it with the previously authenticated root user password file.
The fingerprint password file is produced by the fingerprint identification device from the fingerprint. A configuration file accompanies it and governs its storage location and its comparison and encryption methods.
Of the three, the hot-pluggable authentication module library is relatively mature, and PAM (Pluggable Authentication Module) under Linux can be adopted directly. Through the PAM API an application can use the authentication functions that PAM provides without having to understand many low-level details. PAM is also easy to use, chiefly because it hides the details of identification and authentication from the upper layers, so users are not forced to learn several authentication methods or to remember several passwords; and because it solves the problem of integrating authentication mechanisms, a single program can readily integrate several of them.
The fingerprint identification device is associated with the authentication module by developing the association library (a .so file) between the two. Once the fingerprint identification device has recognized and confirmed the fingerprint, PAM performs user and permission authentication and opens access to the system.
Using a fingerprint identification device to log in as, and to manage the login of, the Linux root user strengthens the security of the root user's password and simplifies the login process; security is improved and login is more convenient.
Description of the drawings
Fig. 1 is a schematic diagram of the method for logging in as the root user of a Linux system based on fingerprint recognition.
Embodiment
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawing.
The method and apparatus described comprise: (1) a hot-pluggable authentication module library under Linux; (2) an association library linking the fingerprint identification device to the authentication module; (3) a fingerprint password file and a configuration file.
Of the three, the hot-pluggable authentication module library is relatively mature, and PAM (Pluggable Authentication Module) under Linux can be adopted directly. Through the PAM API an application can use the authentication functions that PAM provides without having to understand many low-level details. PAM is also easy to use, chiefly because it hides the details of identification and authentication from the upper layers, so users are not forced to learn several authentication methods or to remember several passwords; and because it solves the problem of integrating authentication mechanisms, a single program can readily integrate several of them.
First, adopt a mature fingerprint identification device that supports Linux (a Linux driver for it must already exist). Following the device's operating instructions, configure the fingerprint password file, specifying its storage path, encryption method and so on.
The hot-pluggable authentication module (here PAM) then calls the association library between the fingerprint identification device and PAM. The association library compares the fingerprint file just generated with the previously authenticated root user password file; if the comparison passes, PAM grants access to the Linux system and user, completing the login.
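
An added example, not part of the patent: a Python check that a service's PAM auth stack really makes the fingerprint module mandatory, as the description requires, instead of letting a password module satisfy authentication first. The module name pam_fp_root.so, the /etc/pam.d file format and both sample stacks are assumptions constructed for illustration; the patent names no file.

```python
import re

# Assumption: hypothetical file name for the fingerprint/PAM association library.
FP_MODULE = "pam_fp_root.so"
BINDING = {"required", "requisite"}  # controls under which a failure denies login

# Constructed sample stacks in /etc/pam.d/<service> format (not from the patent).
WEAK_STACK = """\
auth  sufficient  pam_unix.so nullok
auth  sufficient  pam_fp_root.so
auth  required    pam_deny.so
"""
HARDENED_STACK = """\
auth  required    pam_env.so
auth  requisite   /lib/security/pam_fp_root.so
"""

def parse_auth_stack(text):
    """Return [(control, module_basename)] for the auth lines of a pam.d file."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if m:
            stack.append((m.group(1), m.group(2).rsplit("/", 1)[-1]))
    return stack

def audit(text):
    """List the ways the stack could admit a login without a fingerprint match."""
    stack = parse_auth_stack(text)
    pos = next((i for i, (_, mod) in enumerate(stack) if mod == FP_MODULE), None)
    if pos is None:
        return [f"{FP_MODULE} is not in the auth stack"]
    findings = []
    fp_control = stack[pos][0]
    if fp_control not in BINDING:
        findings.append(f"{FP_MODULE} is '{fp_control}': a failed match alone does not deny login")
    for control, mod in stack[:pos]:
        if control == "sufficient":
            findings.append(f"{mod} is 'sufficient' before {FP_MODULE} and can end the stack early")
        elif control in ("include", "substack") or control.startswith("["):
            findings.append(f"'{control} {mod}' before {FP_MODULE} needs manual review")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_STACK), ("hardened", HARDENED_STACK)):
        print(name, audit(text) or "fingerprint check is enforced")
```

The weak stack yields two findings because pam_unix.so can succeed before the fingerprint module is consulted and the fingerprint module itself is only 'sufficient'; the hardened stack yields none.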

Claims (4)

1. A method for managing login of the root user of a Linux system, characterized by comprising:
(1) a hot-pluggable authentication module library under Linux;
(2) an association library linking the fingerprint identification device to the authentication module;
(3) a fingerprint password file and a configuration file;
wherein the fingerprint identification device is associated with the authentication module by developing the association library between the two; once the fingerprint identification device has recognized and confirmed the fingerprint, PAM performs user and permission authentication and opens access to the system.
2. The method according to claim 1, characterized in that the hot-pluggable authentication module library under Linux lets a new authentication module be inserted into an application, or an existing component be replaced, without any modification to the application, which makes the software easier to customize, maintain and upgrade.
3. The method according to claim 1, characterized in that the association library linking the fingerprint identification device to the authentication module is the module that must be added to the hot-pluggable authentication module library to replace the original password authentication module; this library reads the fingerprint password file recognized by the fingerprint identification device and compares it with the previously authenticated root user password file.
4. The method according to claim 1, characterized in that the fingerprint password file is produced by the fingerprint identification device from the fingerprint; a configuration file accompanies it and governs its storage location and its comparison and encryption methods.
CN201410638785.5A 2014-11-13 2014-11-13 Method for managing login of root user of Linux system Pending CN104361275A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410638785.5A CN104361275A (en) 2014-11-13 2014-11-13 Method for managing login of root user of Linux system

Publications (1)

Publication Number Publication Date
CN104361275A (en) 2015-02-18

Family

ID=52528534

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410638785.5A Pending CN104361275A (en) 2014-11-13 2014-11-13 Method for managing login of root user of Linux system

Country Status (1)

Country Link
CN (1) CN104361275A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130254840A1 (en) * 2012-03-26 2013-09-26 International Business Machines Corporation Providing multiple authentications to authenticate users with respect to a system and file systems offerred through the system
CN103745157A (en) * 2014-01-11 2014-04-23 浪潮电子信息产业股份有限公司 System right separation method based on pam module

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
吴晓彬,周超: "Linux-PAM的分析与应用", 《信息化研究》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105975831A (en) * 2016-05-05 2016-09-28 北京元心科技有限公司 Method and system for providing unified identity recognition
CN113495792A (en) * 2020-03-20 2021-10-12 中标软件有限公司 Method for realizing adaptation interface of operating system to fingerprint equipment
CN113495792B (en) * 2020-03-20 2024-06-18 中标软件有限公司 Implementation method of adapting interface of operating system to fingerprint equipment
CN115085968A (en) * 2022-04-29 2022-09-20 麒麟软件有限公司 Login authentication method based on custom tag under Linux
CN115085968B (en) * 2022-04-29 2023-08-04 麒麟软件有限公司 Login authentication method based on custom tag under Linux

Similar Documents

Publication Publication Date Title
US11438169B2 (en) Time-bound secure access
US11295302B2 (en) Network system and method for transferring cryptocurrencies between a user account and a receiving account
US9124582B2 (en) Mobile security fob
EP3211825B1 (en) Trusted terminal verification method and apparatus
CN104869099A (en) Multi-network-account login method and system based on fingerprint account
US10783338B2 (en) Integrated access control system
CN105184179A (en) Embedded encrypted mobile storage device and operation method thereof
US8955068B1 (en) Systems and methods for providing strong authentication for web-based applications
US9569610B2 (en) Managing a password
CN105243314A (en) USB-key based security system and usage method therefor
CN103024706A (en) Short message based device and short message based method for bidirectional multiple-factor dynamic identity authentication
CN109409041A (en) A kind of server-side safety certifying method and system based on the application of more certificates
CN104361275A (en) Method for managing login of root user of Linux system
US20190188934A1 (en) Low-Power Wireless for Access Control
KR20230142505A (en) URL-based authentication for payment cards
US20230289801A1 (en) Systems and methods for authentication of access tokens
CN109561428B (en) Remote authentication method, device, equipment and storage medium thereof
US20220295280A1 (en) Online validation service secures access to devices connected wirelessly to a secure secondary intelligent router module, which is connected via a wireless connection to a Primary Wired/Wireless Router/Modem
CN110874455A (en) Authorization management method and system
CN203206256U (en) A mobile storage device
CN104113417A (en) Dynamic password identity authentication method and system based on near field communication (NFC)
CN103490874A (en) Safety information interaction system, method, device and server
KR101329788B1 (en) SSO Method Based on Server In Mobile Environment
CN101799854A (en) Control device based on handwriting encryption and implementation method thereof
CN108701181B (en) Method and system for protected communication between a mobile unit coupled to a smartphone and a server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150218