CN106789930A - A single sign-on method for the Linux operating system - Google Patents

Info

Publication number
CN106789930A
Authority
CN
China
Application number
CN201611069555.7A
Other languages
Chinese (zh)
Inventor
崔学婷
陈伟
吕立松
孙志刚
Original Assignee
北京铭铭鑫软件有限公司
北京一铭铭鑫软件有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0815 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network providing single-sign-on or federations

Abstract

The present invention relates to a single sign-on method for the Linux operating system. Remote accounts are managed by an account management server. The operating system sends a message to the remote account server to verify the remote account; after verification succeeds, the remote account server returns a token, which serves as local authentication, and all applications in the operating system log in automatically by querying the token. The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token authentication mode strengthens account security, so the method meets the needs of practical applications well.

Description

A single sign-on method for the Linux operating system

Technical field

The invention belongs to the technical field of computer operating systems, and in particular relates to a single sign-on method for the Linux operating system.

Background art

With the development and widespread use of Internet technology, more and more application software and websites require an account and password to be entered and provide service only after verification. A single operating system hosts numerous applications and can log in to many websites, so users generally have to register multiple accounts, remember multiple passwords, and log in frequently to obtain the services that the software and websites provide. To solve this problem, many Internet companies have introduced the concept of a cloud account, in which one account logs in to multiple platforms to achieve single sign-on, such as the Microsoft cloud account on Windows; some mobile phone manufacturers also provide cloud accounts. At present, the Linux operating system can only be logged in to with a local user of the system and cannot be logged in to with a remote account. The different application software and websites in the system each have different accounts. Users need to register repeatedly, frequently enter accounts and passwords to log in, and remember many sets of accounts and passwords. Every time an account and password are verified, they are sent over the Internet to the server, so account information is transmitted frequently over the Internet, which is bad for account security.

Summary of the invention

In view of the above problems in the prior art, the object of the present invention is to provide a single sign-on method for the Linux operating system that avoids the above technical defects.

To achieve the above object, the technical solution provided by the present invention is as follows:

A single sign-on method for the Linux operating system, in which remote accounts are managed by an account management server. The operating system sends a message to the remote account server to verify the remote account; after verification succeeds, the remote account server returns a token, which serves as local authentication, and all applications in the operating system log in automatically by querying the token.

Further, the token is random and is updated periodically.

Further, the single sign-on method for the Linux operating system specifically comprises the following steps:

Step 1) Log in to the Linux operating system with a local account;

Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account using a mailbox; after registration succeeds, the account management server stores the corresponding account and password;

Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; after verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally, which stores the account binding information;

Step 4) Log in to the system: when the user logs in to the operating system, the user name and password are entered and the PAM authentication module performs local verification;

Step 5) Update the token: after the operating system login succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's verification passes, it returns a new token and the old token becomes invalid, so that the token is continually updated and account security is protected;

Step 6) Automatic login: after the operating system login succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.

Further, in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;

When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started and queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid;

When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid.

The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token authentication mode strengthens account security, so the method meets the needs of practical applications well.

Brief description of the drawings

Fig. 1 is a schematic diagram of the principle of the invention;

Fig. 2 is a flowchart of the specific steps of the invention.

Specific embodiment

To make the purpose, technical solution and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only used to explain the invention and do not limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.

As shown in Fig. 1, in a single sign-on method for the Linux operating system, remote accounts are managed by an account management server. The operating system sends a message to the remote account server to verify the remote account; after verification succeeds, the remote account server returns a token, which serves as local authentication, and all applications in the operating system log in automatically by querying the token.

Specifically, as shown in Fig. 2, the single sign-on method for the Linux operating system comprises the following steps:

Step 1) Log in to the Linux operating system with a local account;

Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account using a mailbox; after registration succeeds, the account management server stores the corresponding account and password;

Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; after verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally, which stores the account binding information;

Step 4) Log in to the system: when the user logs in to the operating system, the user name and password are entered and the PAM authentication module performs local verification;

When the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;

When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started and queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid;

When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid;

Step 5) Update the token: after the operating system login succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's verification passes, it returns a new token and the old token becomes invalid, so that the token is continually updated and account security is protected;

Step 6) Automatic login: after the operating system login succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
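Steps 2) to 6) above, simulated end to end as an added example (this is not code from the patent). All class and method names are hypothetical, and the following are assumptions the patent does not specify: PBKDF2 for server-side password storage, the server keeping only a SHA-256 digest of the current token, a dict standing in for the hidden encrypted binding file, and step 6 asking the server whether the token is still valid.

```python
import hashlib
import hmac
import secrets

def digest(token):  # assumption: the server stores only this hash, never the token
    return hashlib.sha256(token.encode()).digest()

class AccountServer:
    """In-memory stand-in for the account management server (assumed API)."""
    def __init__(self):
        self.creds = {}    # remote account -> (salt, password hash)
        self.current = {}  # remote account -> digest of the single valid token

    @staticmethod
    def kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):        # step 2
        salt = secrets.token_bytes(16)
        self.creds[account] = (salt, self.kdf(password, salt))

    def authenticate(self, account, password):    # step 3: password in, token out
        salt, stored = self.creds.get(account, (b"\0" * 16, b""))
        if not hmac.compare_digest(stored, self.kdf(password, salt)):
            return None
        return self.issue(account)

    def issue(self, account):
        token = secrets.token_urlsafe(32)         # random token
        self.current[account] = digest(token)     # overwrite: old token is now invalid
        return token

    def validate(self, account, token):
        return hmac.compare_digest(self.current.get(account, b""), digest(token))

    def refresh(self, account, token):            # step 5: old token in, new token out
        return self.issue(account) if self.validate(account, token) else None

class Host:
    """Binding module plus background authentication module on the Linux host."""
    def __init__(self, server):
        self.server = server
        self.bindings = {}  # local account -> [remote account, token] (stand-in file)

    def bind(self, local, remote, password):      # step 3
        token = self.server.authenticate(remote, password)
        if token is not None:
            self.bindings[local] = [remote, token]
        return token is not None

    def entry(self, name):
        # Step 4: a remote account contains '@', a local account does not.
        if "@" in name:
            return next((e for e in self.bindings.values() if e[0] == name), None)
        return self.bindings.get(name)

    def rotate(self, name):                       # steps 4 and 5, after PAM accepted the login
        entry = self.entry(name)
        new = self.server.refresh(*entry) if entry else None
        if new is not None:
            entry[1] = new
        return new is not None

    def auto_login(self, name):                   # step 6 (assumed: validity asked of the server)
        entry = self.entry(name)
        return entry[0] if entry and self.server.validate(*entry) else None

def demo():
    host = Host(AccountServer())
    host.server.register("alice@example.com", "constructed-password")
    host.bind("alice", "alice@example.com", "constructed-password")
    old = host.bindings["alice"][1]
    return host.rotate("alice"), host.server.validate("alice@example.com", old), host.auto_login("alice")
```

`demo()` uses constructed account data and returns whether the rotation succeeded, whether the pre-rotation token is still accepted, and the account used for automatic login.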

The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token authentication mode strengthens account security, so the method meets the needs of practical applications well.

The embodiment described above only expresses an implementation of the present invention; its description is relatively specific and detailed, but it must not therefore be understood as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.

Claims (4)

1. A single sign-on method for the Linux operating system, characterized in that remote accounts are managed by an account management server; the operating system sends a message to the remote account server to verify the remote account; after verification succeeds, the remote account server returns a token, which serves as local authentication; and all applications in the operating system log in automatically by querying the token.
2. The Linux system login method according to claim 1, characterized in that the token is random and is updated periodically.
3. The single sign-on method for the Linux operating system according to claims 1-2, characterized in that the single sign-on method for the Linux operating system specifically comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account using a mailbox; after registration succeeds, the account management server stores the corresponding account and password;
Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; after verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally, which stores the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system, the user name and password are entered and the PAM authentication module performs local verification;
Step 5) Update the token: after the operating system login succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's verification passes, it returns a new token and the old token becomes invalid, so that the token is continually updated and account security is protected;
Step 6) Automatic login: after the operating system login succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
4. Step 4) according to claims 1-3, characterized in that, in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started and queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid.
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid.
CN201611069555.7A 2016-11-28 2016-11-28 A single sign-on method for the Linux operating system CN106789930A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611069555.7A CN106789930A (en) 2016-11-28 2016-11-28 A kind of single-point logging method of (SuSE) Linux OS

Publications (1)

Publication Number Publication Date
CN106789930A (en) 2017-05-31

Family

ID=58902447

Country Status (1)

Country Link
CN (1) CN106789930A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination