CN115085968B - Login authentication method based on custom tag under Linux - Google Patents


Publication number
CN115085968B
Authority
CN
China
Prior art keywords
user
tag
authentication
information
linux
Legal status
Active
Application number
CN202210465024.9A
Other languages
Chinese (zh)
Other versions
CN115085968A (en)
Inventor
陈憨
于珊珊
孟德慧
田冬冬
王震
杨诏钧
孔金珠
Current Assignee
Kirin Software Co Ltd
Original Assignee
Kirin Software Co Ltd
Application filed by Kirin Software Co Ltd
Priority to CN202210465024.9A
Publication of CN115085968A
Application granted
Publication of CN115085968B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of IP, in particular to a login authentication method based on a custom tag under Linux, which comprises the following steps: generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information characterizing the system and the user; when a user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to multiple comparison rules, and, if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication passes; if the tag information authentication passes, user name and password authentication is entered. The method adds a custom tag authentication process on top of user name and static password authentication and improves authentication reliability.

Description

Login authentication method based on custom tag under Linux
Technical Field
The invention relates to the technical field of IP, in particular to a login authentication method based on a custom tag under Linux.
Background
Linux is an operating system developed in a free and open atmosphere, and its source code is open, so it is welcomed by more and more users. Identity authentication is the first gateway to the operating system; its main function is to prove the identity of the user logging in to the system. Identity authentication requires a trusted and reliable set of mechanisms to guarantee the security and validity of its process. The authentication framework adopted by the Linux operating system is Pluggable Authentication Modules (PAM), a set of application program interfaces that provides a series of authentication mechanisms for the operating system; the framework can report the authentication result (success or failure) to the user only after the user has informed PAM of the requirements of the authentication stage.
User name and static password is currently the most widely adopted identity authentication mode. A simple password is easily guessed, while a complex password is easily forgotten, and if it is recorded on some device it is also easily leaked. Authentication methods such as fingerprint recognition, iris recognition and face recognition have therefore appeared. These mechanisms use unique, measurable, lifetime-invariant features of the human body for identity authentication; they offer very high security and are difficult to counterfeit, difficult to steal and difficult to forget. Compared with user name and password authentication, they are secure, confidential and convenient. However, implementing them generally requires adding devices that can recognize the biometric features to the computer, and these devices are generally expensive, which increases production cost.
Therefore, it is necessary to provide a method that further improves authentication reliability on the basis of user name and static password authentication without significantly increasing cost.
Disclosure of Invention
Technical problem to be solved
To address the defects of the prior art, the invention provides a login authentication method based on a custom tag under Linux, which adds a custom tag authentication process on top of user name and static password authentication to improve authentication reliability.
Technical solution
To achieve the above purpose, the invention is realized by the following technical solution:
The invention provides a login authentication method based on a custom tag under Linux, which comprises the following steps:
S1, generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information characterizing the system and the user;
S2, when a user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to multiple comparison rules, and, if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication passes; otherwise, the tag information authentication does not pass;
S3, if the tag information authentication passes, entering user name and password authentication, and, if the user name and password are consistent, allowing the user to log in.
Further, step S2 specifically includes:
When a user logs in, an authentication request comprising the user information to be authenticated is sent to the PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable;
the PAM authentication module receives the authentication request, obtains the user tag of the user according to the user name, and enters the tag information authentication stage.
Further, the UID of the user is obtained according to the user name of the user, and then the user tag of the user is obtained according to the UID of the user.
Further, the PAM authentication module is provided with the plurality of comparison rules, and the plurality of comparison rules can be manually adjusted.
Further, the system tag and the user tag include at least a tag ID, an in-and-out type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, or a packet ID.
The invention also provides an electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements a method according to any of the preceding claims.
The present invention also provides a readable storage medium having a computer program stored therein, which when executed by a processor, implements the method of any of the above.
Beneficial effects:
The method provided by the invention adds a custom tag authentication process on top of user name and static password authentication and improves authentication reliability; furthermore, the invention relies on the pluggability and ease of use of the PAM module and remains compatible with the system's password authentication, thereby avoiding the additional equipment required by biometric authentication and reducing cost; finally, the information comparison logic for the tags can be customized, which improves the flexibility of authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It is evident that the drawings in the following description are only some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a schematic diagram of the steps of a login authentication method based on a custom tag under Linux according to an embodiment of the present invention;
FIG. 2 is a PAM authentication module architecture diagram for a login authentication method based on a custom tag under Linux according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the authentication flow of a login authentication method based on a custom tag under Linux according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to FIG. 1, an embodiment of the present invention provides a login authentication method based on a custom tag under Linux, including the following steps:
S1, generating a system tag when the Linux system is installed or started, and generating a user tag when the Linux system creates a user, wherein the system tag and the user tag both comprise N pieces of information characterizing the system and the user;
S2, when a user logs in, obtaining the user tag of the user and entering a tag information authentication stage: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to multiple comparison rules, and, if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication passes; otherwise, the tag information authentication does not pass;
S3, if the tag information authentication passes, entering user name and password authentication, and, if the user name and password are consistent, allowing the user to log in.
In the specific authentication, referring to FIG. 3, information one in the user tag of the login user is compared with information one in the system tag according to rule one; if the comparison fails, failure is returned, and if it succeeds, the next step is carried out. Information two in the user tag of the login user is compared with information two in the system tag according to rule two; if the comparison fails, failure is returned, and if it succeeds, the next step is carried out. Information three in the user tag of the login user is compared with information three in the system tag according to rule three; if the comparison fails, failure is returned, and if it succeeds, success is returned. ... Information N in the user tag of the login user is compared with information N in the system tag according to rule N; if the comparison fails, failure is returned, and if it succeeds, success is returned. Of course, those skilled in the art will appreciate that the number of comparison rules and the specific rules can be defined manually and are merely illustrative here. If the tag authentication module returns a failure result, the authentication fails and login is not possible; if the tag authentication module returns a successful result, the next authentication stage is entered. The next authentication stage is typically the verification of the user name and static password, which is conventional in the art and is not described in detail here.
In this embodiment, step S2 specifically includes: when a user logs in, an authentication request comprising the user information to be authenticated is sent to the PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable; the PAM authentication module receives the authentication request, obtains the user tag of the user according to the user name, and enters the tag information authentication stage.
Specifically, the architecture of the PAM authentication module is shown in FIG. 2. It is divided into four main parts: the PAM application (also called the consumer), the PAM library, the PAM configuration file, and the PAM service module (also called the provider). The architecture provides a unified implementation for authentication-related operations, so application developers can use PAM services without knowing the semantics of the policy, and the algorithms can be modified independently of the individual applications. The application communicates with the PAM library through the PAM application programming interface (PAM API), and the PAM authentication module communicates with the PAM library through the PAM service provider interface (PAM SPI). In this way, the PAM library enables applications and modules to communicate with each other.
In this embodiment, the PAM authentication module is provided with the multiple comparison rules, and the comparison rules can be manually adjusted. With the PAM authentication module, an administrator can adjust the verification process to the needs of a particular program by modifying the configuration file, without having to modify any application. On the one hand, the invention adds custom tags at the system and user levels; on the other hand, based on the PAM authentication module and using these custom tags, the invention provides a system login authentication method based on custom tags under Linux.
In this embodiment, the system tag and the user tag generally include at least a tag ID, an in-and-out type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, or a packet ID. Of course, those skilled in the art should understand that the content of the system tag and the user tag is not limited and can be manually configured.
In this embodiment, the UID of the user is generally obtained according to the user name of the user, and the user tag of the user is then obtained according to the UID. UID is an abbreviation for user identification (User Identification) and represents a numerical value automatically generated by the system upon registration of the network platform.
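The rule chain of FIG. 3, combined with the UID-keyed tag lookup and the adjustable rule list described above, as an added C example that is not code from the patent. The field encoding, the four rules, the in-memory tag store, the module name pam_tagcheck.so and all identifiers are assumptions; TAG_OK and TAG_DENY stand in for the PAM_SUCCESS and PAM_AUTH_ERR values a real PAM module would return.

```c
/* Added illustration, not code from the patent. Field layout, rules, tag
 * store and all identifiers are assumptions. In a PAM stack the check would
 * run ahead of the password module, for example:
 *   auth  requisite  pam_tagcheck.so   (hypothetical module name)
 *   auth  required   pam_unix.so
 * A real module would resolve the UID via pam_get_user() and getpwnam(). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Stand-ins for PAM_SUCCESS / PAM_AUTH_ERR so this builds without libpam. */
enum { TAG_OK = 0, TAG_DENY = 1 };

struct tag {                 /* the eight fields the description lists */
    uint32_t tag_id;
    uint8_t  direction;      /* "in-and-out type"; encoding is assumed */
    char     ip[46];
    uint16_t port;
    uint8_t  protocol;       /* IP protocol number, 6 = TCP */
    uint8_t  app_type;
    uid_t    authorized_uid;
    uint32_t packet_id;
};
typedef int (*rule_fn)(const struct tag *sys, const struct tag *usr, uid_t uid);

static int rule_tag_id(const struct tag *s, const struct tag *u, uid_t uid)
{ (void)uid; return u->tag_id == s->tag_id; }
static int rule_endpoint(const struct tag *s, const struct tag *u, uid_t uid)
{ (void)uid; return u->port == s->port && strcmp(u->ip, s->ip) == 0; }
static int rule_transport(const struct tag *s, const struct tag *u, uid_t uid)
{ (void)uid; return u->protocol == s->protocol && u->direction == s->direction
                 && u->app_type == s->app_type; }
/* Binds the stored tag to the account logging in, so a tag copied from
 * another user's record does not pass. */
static int rule_owner(const struct tag *s, const struct tag *u, uid_t uid)
{ (void)s; return u->authorized_uid == uid; }

/* Ordered, administrator-adjustable rule list (rule one .. rule N). */
struct rule { const char *name; rule_fn check; int enabled; };
static struct rule rule_table[] = {
    { "tag-id",    rule_tag_id,    1 },
    { "endpoint",  rule_endpoint,  1 },
    { "transport", rule_transport, 1 },
    { "owner",     rule_owner,     1 },
};
#define N_RULES (sizeof rule_table / sizeof rule_table[0])

/* Constructed sample data: one system tag and a UID-keyed user tag store. */
static const struct tag system_tag = { 0x4b59, 2, "192.0.2.10", 22, 6, 1, 0, 7 };
static const struct { uid_t uid; struct tag tag; } tag_store[] = {
    { 1000, { 0x4b59, 2, "192.0.2.10", 22, 6, 1, 1000, 7 } }, /* matches       */
    { 1001, { 0x4b59, 2, "192.0.2.99", 22, 6, 1, 1001, 7 } }, /* other address */
    { 1002, { 0x4b59, 2, "192.0.2.10", 22, 6, 1, 1000, 7 } }, /* copied tag    */
};

static const struct tag *lookup_user_tag(uid_t uid)
{
    for (size_t i = 0; i < sizeof tag_store / sizeof tag_store[0]; i++)
        if (tag_store[i].uid == uid)
            return &tag_store[i].tag;
    return NULL;
}

/* Returns TAG_OK only if every enabled rule passes. *failed_rule receives the
 * index of the first failing rule, or -1 when no rule was the cause. */
int tag_auth(const struct tag *sys, uid_t uid, int *failed_rule)
{
    const struct tag *usr = lookup_user_tag(uid);
    size_t evaluated = 0;
    *failed_rule = -1;
    if (sys == NULL || usr == NULL)
        return TAG_DENY;                  /* missing tag: fail closed */
    for (size_t i = 0; i < N_RULES; i++) {
        if (!rule_table[i].enabled) continue;
        evaluated++;
        if (!rule_table[i].check(sys, usr, uid)) {
            *failed_rule = (int)i;
            return TAG_DENY;              /* first failure ends the chain */
        }
    }
    return evaluated ? TAG_OK : TAG_DENY; /* an empty rule set must not pass */
}

int main(void)
{
    const uid_t uids[] = { 1000, 1001, 1002, 4242 };
    for (size_t i = 0; i < sizeof uids / sizeof uids[0]; i++) {
        int failed, rc = tag_auth(&system_tag, uids[i], &failed);
        printf("uid %u: %s (rule %d)\n", (unsigned)uids[i],
               rc == TAG_OK ? "go on to password check" : "deny", failed);
    }
    return 0;
}
```

Because the rules are adjustable, disabling one changes who passes: with the endpoint rule switched off, the constructed UID 1001 record is accepted, which is why changes to the rule list deserve the same review as changes to the PAM stack itself.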
Based on the same conception, the invention also provides electronic equipment which comprises a processor and a memory, wherein the memory is stored with a computer program, and when the computer program is executed by the processor, the login authentication method based on the custom tag under Linux is realized.
In some embodiments the processor may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor (e.g., a GPU (Graphics Processing Unit)), or another data processing chip. The processor is typically used to control the overall operation of the electronic device. In this embodiment, the processor is configured to execute program code stored in the memory or to process data, for example to execute the program code of the login authentication method based on a custom tag under Linux.
The memory includes at least one type of readable storage medium, including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), Random Access Memory (RAM), Static Random Access Memory (SRAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the memory may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. In other embodiments, the memory may be an external storage device of the electronic device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card) or the like. Of course, the memory may also include both an internal storage unit and an external storage device of the electronic device. In this embodiment, the memory is generally used to store an operation method and the various application software installed in the electronic device, for example the program code of the login authentication method based on a custom tag under Linux. In addition, the memory may be used to temporarily store various types of data that have been output or are to be output.
Based on the same conception, the invention also provides a readable storage medium, wherein the readable storage medium stores a computer program, and when the computer program is executed by a processor, the login authentication method based on the custom tag under Linux is realized.
In summary, the method provided by the invention adds a custom tag authentication process on top of user name and static password authentication and improves authentication reliability; furthermore, the invention relies on the pluggability and ease of use of the PAM module and remains compatible with the system's password authentication, thereby avoiding the additional equipment required by biometric authentication and reducing cost; finally, the information comparison logic for the tags can be customized, which improves the flexibility of authentication.
The above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents; such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the protection scope of the technical solutions of the embodiments of the present invention.

Claims (6)

1. A login authentication method based on a custom tag in Linux is characterized by comprising the following steps:
S1, generating a system tag when a Linux system is installed or started, and generating a user tag when a user is created by the Linux system, wherein the system tag and the user tag both comprise a plurality of pieces of information for characterizing the system and the user;
S2, when a user logs in, a user tag of the user is obtained, and a tag information authentication stage is entered: comparing the information representing the system in the user tag of the user with the information representing the system in the system tag according to various comparison rules, and if the information representing the user in the user tag of the user is consistent with the information representing the user in the system tag, the tag information authentication is passed, otherwise, the tag information authentication is not passed;
S3, if the tag information authentication is passed, entering user name and password authentication, and if the user name and password authentication are consistent, allowing the user to log in;
the system tag and the user tag include at least a tag ID, an in-and-out type, an IP address, a port number, a communication protocol, an application type, an authorized user ID, and a packet ID.
2. The login authentication method based on a custom tag in Linux according to claim 1, wherein step S2 specifically includes:
when a user logs in, an authentication request comprising user information to be authenticated is sent to a PAM authentication module of the Linux system, wherein the user information to be authenticated comprises a user name and an environment variable;
and the PAM authentication module receives the authentication request, acquires a user tag of the user according to the user name, and enters a tag information authentication stage.
3. The login authentication method based on the custom tag in Linux according to claim 2, wherein the UID of the user is obtained according to the user name of the user, and then the user tag of the user is obtained according to the UID of the user.
4. The login authentication method based on a custom tag under Linux according to claim 2, wherein the PAM authentication module is provided with the plurality of comparison rules, and the plurality of comparison rules are manually adjustable.
5. An electronic device comprising a processor and a memory, the memory having stored thereon a computer program which, when executed by the processor, implements the method of any of claims 1 to 4.
6. A readable storage medium, characterized in that the readable storage medium has stored therein a computer program which, when executed by a processor, implements the method of any one of claims 1 to 4.
CN202210465024.9A 2022-04-29 2022-04-29 Login authentication method based on custom tag under Linux Active CN115085968B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210465024.9A CN115085968B (en) 2022-04-29 2022-04-29 Login authentication method based on custom tag under Linux

Publications (2)

Publication Number Publication Date
CN115085968A (en) 2022-09-20
CN115085968B (en) 2023-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant