CN115085968A - Login authentication method based on custom tag under Linux - Google Patents


Publication number
CN115085968A
CN115085968A CN202210465024.9A CN202210465024A CN115085968A CN 115085968 A CN115085968 A CN 115085968A CN 202210465024 A CN202210465024 A CN 202210465024A CN 115085968 A CN115085968 A CN 115085968A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210465024.9A
Other languages
Chinese (zh)
Other versions
CN115085968B (en)
Inventor
陈憨
于珊珊
孟德慧
田冬冬
王震
杨诏钧
孔金珠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kirin Software Co Ltd
Original Assignee
Kirin Software Co Ltd
Application filed by Kirin Software Co Ltd
Priority to CN202210465024.9A
Publication of CN115085968A
Application granted
Publication of CN115085968B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of IP (Internet Protocol), and in particular to a login authentication method based on a custom tag under Linux, comprising the following steps: a system tag is generated when the Linux system is installed or started, and a user tag is generated when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information representing the system and the user; when a user logs in, the user tag of that user is obtained and a tag information authentication stage is entered: the information representing the system in the user tag is compared with the information representing the system in the system tag according to a plurality of comparison rules, and the information representing the user in the user tag is compared with the information representing the user in the system tag; if the two are consistent, the tag information authentication passes; and if the tag information authentication passes, user name and password authentication is entered. The method adds a custom tag authentication process on top of user name and static password authentication and improves the reliability of authentication.

Description

Login authentication method based on custom tag under Linux
Technical Field
The invention relates to the technical field of IP, and in particular to a login authentication method based on a custom tag under Linux.
Background
Linux is an operating system developed in a free and open atmosphere, and its source code is open. It is therefore gaining popularity with more and more users. Identity authentication is the first gate to accessing the operating system and is mainly used to prove the identity of a user logging in to the system. Identity authentication requires a trusted and reliable mechanism to ensure the security and validity of the process. The authentication framework adopted by the Linux operating system is Pluggable Authentication Modules (PAM), a set of application program interfaces that provides a series of authentication mechanisms for the operating system, so that an application only has to inform PAM of the requirements of an authentication stage and PAM reports the authentication result (success or failure) for the user.
A user name and static password is currently the most widely adopted form of identity authentication. A simple password is easy to guess, while a complex password is easy to forget. If the password is written down on some device, it can easily be leaked. For this reason, authentication methods such as fingerprint recognition, iris recognition and face recognition have been developed. These mechanisms use unique, measurable and lifelong-invariant characteristics of the human body for identity authentication and offer very high security. They are also difficult to counterfeit, difficult to steal and difficult to forget. Compared with user name and password authentication, they are secure, confidential and convenient. However, implementing such an authentication method generally requires additional devices in the computer to capture the biometric features, and these devices are generally expensive, which increases production cost.
Therefore, there is a need for a method that further improves the reliability of authentication on the basis of user name and static password authentication without significantly increasing cost.
Disclosure of Invention
Technical problem solved
In view of the defects in the prior art, the invention provides a login authentication method based on a custom tag under Linux. The method adds a custom tag authentication process on top of user name and static password authentication and improves the reliability of authentication.
Technical solution
To achieve this purpose, the invention is realized by the following technical solution:
The invention provides a login authentication method based on a custom tag under Linux, which comprises the following steps:
S1, generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information representing the system and the user;
S2, when the user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to a plurality of comparison rules, and comparing the information representing the user in the user tag of the user with the information representing the user in the system tag, wherein if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication passes; otherwise, the tag information authentication does not pass;
S3, if the tag information authentication passes, entering user name and password authentication, and if the user name and password authentication are consistent, allowing the user to log in.
Further, step S2 specifically includes:
when a user logs in, an authentication request comprising the user information to be authenticated is sent to a PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable;
the PAM authentication module receives the authentication request, obtains the user tag of the user according to the user name, and enters the tag information authentication stage.
Further, the UID of the user is obtained according to the user name of the user, and the user tag of the user is then obtained according to the UID of the user.
Furthermore, the PAM authentication module is provided with the comparison rules, and the comparison rules can be manually adjusted.
Further, the system tag and the user tag include at least a tag ID, an access station type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, or a packet ID.
Based on the same inventive concept, the present invention also provides an electronic device comprising a processor and a memory, wherein the memory stores a computer program, and the computer program realizes the method of any one of the above items when being executed by the processor.
Based on the same inventive concept, the present invention also provides a readable storage medium, in which a computer program is stored, which, when executed by a processor, implements the method of any one of the above.
Beneficial effects:
The method provided by the invention adds a custom tag authentication process on top of user name and static password authentication, thereby improving the reliability of authentication; furthermore, relying on the pluggability and ease of use of PAM modules, the invention remains compatible with password-based system authentication, thereby avoiding the additional equipment required by biometric authentication and reducing cost; finally, the information comparison logic for the tags can be customized, which improves the flexibility of authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic diagram illustrating the steps of a login authentication method based on a custom tag under Linux according to an embodiment of the present invention;
Fig. 2 is an architecture diagram of the PAM authentication module in the login authentication method based on a custom tag under Linux according to an embodiment of the present invention;
Fig. 3 is a schematic view of the authentication flow of the login authentication method based on a custom tag under Linux according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention. It is to be understood that the embodiments described are only a few embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to Fig. 1, an embodiment of the present invention provides a login authentication method based on a custom tag under Linux, including the following steps:
S1, generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information representing the system and the user;
S2, when the user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to a plurality of comparison rules, and comparing the information representing the user in the user tag of the user with the information representing the user in the system tag, wherein if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication passes; otherwise, the tag information authentication does not pass;
S3, if the tag information authentication passes, entering user name and password authentication, and if the user name and password authentication are consistent, allowing the user to log in.
During authentication, referring to Fig. 3, information one in the user tag of the login user is compared with information one in the system tag according to rule one; if the comparison fails, failure is returned; if it succeeds, the next step is carried out. Information two in the user tag of the login user is then compared with information two in the system tag according to rule two; if the comparison fails, failure is returned; if it succeeds, the next step is carried out. Information three in the user tag of the login user is compared with information three in the system tag according to rule three; if the comparison fails, failure is returned. This continues until information N in the user tag of the login user is compared with information N in the system tag according to rule N; if the comparison fails, failure is returned; if it succeeds, success is returned. Of course, those skilled in the art should understand that the number of comparison rules and the specific rules can be defined manually, and those given here are only exemplary. If the tag authentication module returns a failure result, authentication fails and the user cannot log in; if the tag authentication module returns a successful result, the next authentication stage is entered. The next authentication stage is generally verification of the user name and static password, which is conventional in the prior art and is not described further here.
In this embodiment, step S2 specifically includes: when a user logs in, sending an authentication request comprising user information to be authenticated to a PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable; and the PAM authentication module receives the authentication request, acquires a user tag of the user according to the user name and enters a tag information authentication stage.
Specifically, the architecture of the PAM authentication module is shown in Fig. 2. It is divided into four main parts: the PAM application (also called a consumer), the PAM library, the PAM configuration file, and the PAM service module (also called a provider). The architecture provides a uniform way of executing verification-related operations. In this way, application developers can use PAM services without having to know the semantics of the policy, and the algorithms can be modified independently of the individual applications. The application program communicates with the PAM library through the PAM application programming interface (PAM API). The PAM authentication module communicates with the PAM library through the PAM service provider interface (PAM SPI). In this manner, the PAM library enables applications and modules to communicate with each other.
In this embodiment, the PAM authentication module is provided with the plurality of comparison rules, and the comparison rules may be adjusted manually. With the PAM authentication module, an administrator can adjust the validation process to the needs of a particular program by modifying the configuration file, without having to alter any application. On the one hand, the invention adds custom tags at the system level and the user level; on the other hand, it uses the PAM authentication module together with the custom tags to provide a system login authentication method based on custom tags under Linux.
In this embodiment, the system tag and the user tag generally include at least a tag ID, an access station type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, or a packet ID. Of course, it should be understood by those skilled in the art of the present invention that the contents of the system tag and the user tag are not limited and can be configured manually.
In this embodiment, the UID of the user is generally obtained according to the user name of the user, and the user tag of the user is then obtained according to the UID of the user. UID is an abbreviation of User Identification and represents a numerical value automatically generated by the system when the network platform registers.
Based on the same inventive concept, the invention further provides an electronic device comprising a processor and a memory, wherein a computer program is stored in the memory and, when executed by the processor, implements the login authentication method based on a custom tag under Linux.
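The rule chain of Fig. 3, together with the user name to UID to user tag lookup, modelled as a stand-alone C program. This is an added example, not code from the patent: the tag layout, the four rules, the sample accounts and the assumption that the system tag lists the authorized user IDs are constructed for illustration, and `password_stage` is a stub standing in for the conventional user name and password check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_AUTH_UIDS 4

/* Constructed tag layout: a subset of the fields the description lists. */
struct tag {
    unsigned tag_id;
    char ip[16];                       /* system information: IP address */
    unsigned port;                     /* system information: port number */
    char protocol[8];                  /* system information: communication protocol */
    unsigned auth_uids[MAX_AUTH_UIDS]; /* user information: authorized user IDs */
    size_t n_auth_uids;
};

/* A comparison rule returns 1 when the user tag is consistent with the system tag. */
typedef int (*tag_rule)(const struct tag *user, const struct tag *sys);

static int rule_ip(const struct tag *u, const struct tag *s) { return strcmp(u->ip, s->ip) == 0; }
static int rule_port(const struct tag *u, const struct tag *s) { return u->port == s->port; }
static int rule_protocol(const struct tag *u, const struct tag *s) { return strcmp(u->protocol, s->protocol) == 0; }

/* Assumption: the user tag carries exactly one authorized user ID and the
 * system tag lists every ID that may log in. */
static int rule_authorized_user(const struct tag *u, const struct tag *s) {
    if (u->n_auth_uids != 1 || s->n_auth_uids > MAX_AUTH_UIDS) return 0;
    for (size_t i = 0; i < s->n_auth_uids; i++)
        if (s->auth_uids[i] == u->auth_uids[0]) return 1;
    return 0;
}

/* Rules one to N, applied in this order; editing this table adjusts the policy. */
static const tag_rule RULES[] = { rule_ip, rule_port, rule_protocol, rule_authorized_user };
#define N_RULES (sizeof RULES / sizeof RULES[0])

/* Constructed sample data (documentation address ranges). */
static const struct tag SYSTEM_TAG = { 1, "192.0.2.10", 22, "ssh", {1000, 1001}, 2 };
struct account { const char *name; unsigned uid; };
static const struct account ACCOUNTS[] = { {"alice", 1000}, {"bob", 1001}, {"carol", 1002}, {"dave", 1003} };
struct user_tag { unsigned uid; struct tag tag; };
static const struct user_tag USER_TAGS[] = {
    { 1000, { 100, "192.0.2.10",   22, "ssh", {1000}, 1 } },
    { 1001, { 101, "198.51.100.7", 22, "ssh", {1001}, 1 } }, /* IP differs: rule 1 fails */
    { 1002, { 102, "192.0.2.10",   22, "ssh", {1002}, 1 } }, /* ID not authorized: rule 4 fails */
    /* dave (UID 1003) has no user tag */
};

/* Returns 0 when every rule passes, the 1-based number of the first failing
 * rule otherwise, or -1 when the user or the user tag cannot be found. */
static int tag_authenticate(const char *username) {
    const struct account *acct = NULL;
    const struct tag *utag = NULL;
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].name, username) == 0) acct = &ACCOUNTS[i];
    if (!acct) return -1;
    for (size_t i = 0; i < sizeof USER_TAGS / sizeof USER_TAGS[0]; i++)
        if (USER_TAGS[i].uid == acct->uid) utag = &USER_TAGS[i].tag;
    if (!utag) return -1;                       /* missing tag: fail closed */
    for (size_t i = 0; i < N_RULES; i++)
        if (!RULES[i](utag, &SYSTEM_TAG)) return (int)i + 1;  /* stop at first failure */
    return 0;
}

enum login_result { LOGIN_OK, LOGIN_DENIED_TAG, LOGIN_DENIED_PASSWORD };

static int password_stage_calls;  /* shows whether the second stage was reached */

/* Stub for the conventional user name and password stage (constructed value). */
static int password_stage(const char *username, const char *password) {
    (void)username;
    password_stage_calls++;
    return strcmp(password, "constructed-demo-secret") == 0;
}

static enum login_result login(const char *username, const char *password) {
    int failed = tag_authenticate(username);
    if (failed != 0) {
        /* The rule number goes to the log only; the caller sees a plain denial. */
        fprintf(stderr, "tag authentication failed for %s (rule %d)\n", username, failed);
        return LOGIN_DENIED_TAG;
    }
    return password_stage(username, password) ? LOGIN_OK : LOGIN_DENIED_PASSWORD;
}

int main(void) {
    const char *users[] = { "alice", "bob", "carol", "dave" };
    for (size_t i = 0; i < 4; i++)
        printf("%s -> %d\n", users[i], (int)login(users[i], "constructed-demo-secret"));
    return 0;
}
```

A user whose tag fails any rule never reaches the password stage, and a user with no tag at all is denied rather than waved through.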
The processor may be, in some embodiments, a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor (e.g., a GPU), or other data Processing chip. The processor is typically used to control the overall operation of the electronic device. In this embodiment, the processor is configured to run a program code stored in the memory or process data, for example, run a program code of a login authentication method based on a custom tag under Linux.
The memory includes at least one type of readable storage medium including a flash memory, a hard disk, a multimedia card, a card type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, etc. In some embodiments, the storage may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. In other embodiments, the memory may also be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the electronic device. Of course, the memory may also include both internal and external memory units of the electronic device. In this embodiment, the memory is generally used to store an operating method installed in the electronic device and various types of application software, for example, a program code of a login authentication method based on a custom tag under Linux. In addition, the memory may also be used to temporarily store various types of data that have been output or are to be output.
Based on the same inventive concept, the invention further provides a readable storage medium in which a computer program is stored; when the computer program is executed by a processor, the login authentication method based on a custom tag under Linux is implemented.
In conclusion, the method adds a custom tag authentication process on top of user name and static password authentication, which improves the reliability of authentication; furthermore, relying on the pluggability and ease of use of PAM modules, the invention remains compatible with password-based system authentication, thereby avoiding the additional equipment required by biometric authentication and reducing cost; finally, the information comparison logic for the tags can be customized, which improves the flexibility of authentication.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and the modifications or the substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. A login authentication method based on a custom tag under Linux, characterized by comprising the following steps:
S1, generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information representing the system and the user;
S2, when the user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to a plurality of comparison rules, and comparing the information representing the user in the user tag of the user with the information representing the user in the system tag, wherein if the two are consistent, the tag information authentication passes; otherwise, the tag information authentication does not pass;
S3, if the tag information authentication passes, entering user name and password authentication, and if the user name and password authentication are consistent, allowing the user to log in.
2. The login authentication method based on the custom tag under Linux according to claim 1, wherein step S2 specifically includes:
when a user logs in, sending an authentication request comprising user information to be authenticated to a PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable;
and the PAM authentication module receives the authentication request, acquires a user tag of the user according to the user name and enters a tag information authentication stage.
3. The login authentication method based on the custom tag under Linux of claim 2, wherein the UID of the user is obtained according to the user name of the user, and then the user tag of the user is obtained according to the UID of the user.
4. The login authentication method based on the custom tag under Linux of claim 2, wherein the PAM authentication module is provided with the plurality of comparison rules, and the plurality of comparison rules are manually adjustable.
5. The method for login authentication based on a custom tag under Linux according to any one of claims 1, wherein the system tag and the user tag comprise at least a tag ID, an access station type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, or a packet ID.
6. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the method of any of claims 1 to 4.
7. A readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 4.
CN202210465024.9A 2022-04-29 2022-04-29 Login authentication method based on custom tag under Linux Active CN115085968B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210465024.9A CN115085968B (en) 2022-04-29 2022-04-29 Login authentication method based on custom tag under Linux


Publications (2)

Publication Number Publication Date
CN115085968A (en) 2022-09-20
CN115085968B (en) 2023-08-04

Family

ID=83247309


Country Status (1)

Country Link
CN (1) CN115085968B (en)


Also Published As

Publication number Publication date
CN115085968B (en) 2023-08-04


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant