CN106789930A - A single sign-on method for the Linux operating system - Google Patents

Publication number
CN106789930A
Authority
CN
China
Prior art keywords
account
long
range
token
local
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611069555.7A
Other languages
Chinese (zh)
Inventor
崔学婷
陈伟
吕立松
孙志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yiming Ming Xin Software Co Ltd
Original Assignee
Beijing Yiming Ming Xin Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/41 User authentication where a single sign-on provides access to a plurality of computers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a single sign-on method for the Linux operating system. An account management server manages remote accounts; the operating system sends a message to the remote account server to verify the remote account, and after verification succeeds the remote account server returns a token that serves as local authentication. All application programs in the operating system log in automatically by querying the token. The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical application well.

Description

A single sign-on method for the Linux operating system
Technical field
The invention belongs to the technical field of computer operating systems, and in particular relates to a single sign-on method for the Linux operating system.
Background
With the development and widespread use of Internet technology, more and more application software and websites require an account and password to be entered and provide service only after verification. One operating system holds numerous applications and can log in to multiple websites, so users generally need to register multiple accounts, remember multiple passwords, and log in frequently to obtain the services that the software and websites provide. To solve this problem, many Internet companies have introduced the concept of a cloud account, in which one account logs in to multiple platforms to achieve single sign-on, such as the Microsoft cloud account of Windows; some mobile phone manufacturers also provide cloud accounts. At present the Linux operating system can only be logged in to by a local user of the system; a remote account cannot log in to the system. Different application software and websites in the system have different accounts. Users need to register repeatedly, enter accounts and passwords frequently to log in, and remember many sets of accounts and passwords. Each time an account and password are verified, they are sent over the Internet to the server side; account information is transmitted frequently over the Internet, which is detrimental to account security.
Summary of the invention
In view of the above problems in the prior art, the object of the invention is to provide a single sign-on method for the Linux operating system that avoids the above technical defects.
To achieve the above object, the technical solution provided by the invention is as follows:
A single sign-on method for the Linux operating system, in which an account management server manages remote accounts, the operating system sends a message to the remote account server to verify the remote account, and after verification succeeds the remote account server returns a token that serves as local authentication; all application programs in the operating system log in automatically by querying the token.
Further, the token is random and is updated regularly.
Further, the single sign-on method for the Linux operating system specifically comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by e-mail; after registration succeeds, the account management server saves the corresponding account and password;
Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication, and after verification passes, the account management server returns a token, which is saved locally; meanwhile, the binding module generates a hidden encrypted file locally that stores the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
Step 5) Update the token: after login to the operating system succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's authentication passes, it returns a new token and the old token becomes invalid, so that the token is continuously updated and account security is protected;
Step 6) Automatic login: after login to the operating system succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
Further, in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a legal name, and a local account does not contain the @ symbol, and this is used to distinguish the two;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for the binding information and confirms whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid;
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid.
The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical application well.
Brief description of the drawings
Fig. 1 is a schematic diagram of the principle of the invention;
Fig. 2 is a flow chart of the specific steps of the invention.
Specific embodiments
To make the objects, technical solution and advantages of the invention clearer, the invention is further described below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative work, fall within the scope of protection of the invention.
As shown in Fig. 1, in a single sign-on method for the Linux operating system, an account management server manages remote accounts, the operating system sends a message to the remote account server to verify the remote account, and after verification succeeds the remote account server returns a token that serves as local authentication; all application programs in the operating system log in automatically by querying the token.
Specifically, as shown in Fig. 2, the single sign-on method for the Linux operating system comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by e-mail; after registration succeeds, the account management server saves the corresponding account and password;
Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication, and after verification passes, the account management server returns a token, which is saved locally; meanwhile, the binding module generates a hidden encrypted file locally that stores the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
When the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a legal name, and a local account does not contain the @ symbol, and this is used to distinguish the two;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for the binding information and confirms whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid;
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid;
Step 5) Update the token: after login to the operating system succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's authentication passes, it returns a new token and the old token becomes invalid, so that the token is continuously updated and account security is protected;
Step 6) Automatic login: after login to the operating system succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
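The token life cycle of steps 3) to 6) can be modelled in a few lines of Python. This is an added example, not code from the patent or its applicant: the class and method names, the use of the @ test to tell the two account types apart, the server-side validity check in step 6), the in-memory dict standing in for the hidden encrypted file, and the sample account are all assumptions. It shows that a token copied before a refresh no longer validates and cannot be exchanged for a new one.

```python
import hashlib
import hmac
import secrets

def is_remote_account(name):
    """Step 4 routing rule (assumed): a local account never contains '@'."""
    return "@" in name

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountServer:
    """Stand-in for the account management server (hypothetical interface)."""
    def __init__(self):
        self._pw = {}       # remote account -> (salt, password hash)
        self._current = {}  # remote account -> SHA-256 of the one valid token

    def register(self, account, password):
        salt = secrets.token_bytes(16)
        self._pw[account] = (salt, _pw_hash(password, salt))

    def _issue(self, account):
        token = secrets.token_urlsafe(32)  # random token
        # Keeping a single digest per account is what invalidates the old token.
        self._current[account] = hashlib.sha256(token.encode()).digest()
        return token

    def is_valid(self, account, token):
        want = self._current.get(account)
        got = hashlib.sha256(token.encode()).digest()
        return want is not None and hmac.compare_digest(want, got)

    def bind(self, account, password):
        """Step 3: check account and password, return the first token."""
        salt, want = self._pw.get(account, (b"", b""))
        if not want or not hmac.compare_digest(want, _pw_hash(password, salt)):
            return None
        return self._issue(account)

    def refresh(self, account, token):
        """Step 5: exchange the existing token for a new one, or None."""
        return self._issue(account) if self.is_valid(account, token) else None

class Host:
    """Operating-system side: binding module and background authentication."""
    def __init__(self, server):
        self.server = server
        # local account -> [remote account, token]; stands in for the hidden file
        self.bindings = {}

    def bind(self, local, remote, password):
        if is_remote_account(local) or not is_remote_account(remote):
            return False
        token = self.server.bind(remote, password)
        if token is not None:
            self.bindings[local] = [remote, token]
        return token is not None

    def refresh(self, local):
        entry = self.bindings.get(local)
        new = self.server.refresh(*entry) if entry else None
        if new is not None:
            entry[1] = new
        return new is not None

    def auto_login(self, local):
        """Step 6: return the bound remote account if its token still checks."""
        entry = self.bindings.get(local)
        return entry[0] if entry and self.server.is_valid(*entry) else None

def demo():
    """Return (old token valid?, replayed refresh, step 6 result); constructed data."""
    acct = "alice@example.com"
    host = Host(AccountServer())
    host.server.register(acct, "correct horse")
    host.bind("alice", acct, "correct horse")
    old = host.bindings["alice"][1]          # copy taken before rotation
    host.refresh("alice")
    return host.server.is_valid(acct, old), host.server.refresh(acct, old), host.auto_login("alice")
```

Because only one token is valid per account, a refresh that fails on the legitimate host means the token was already exchanged somewhere else, which is worth logging and alerting on.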
The single sign-on method provided by the invention implements single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical application well.
The embodiments described above only express implementations of the invention; their description is relatively specific and detailed, but it must not therefore be understood as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.

Claims (4)

1. A single sign-on method for the Linux operating system, characterised in that an account management server manages remote accounts, the operating system sends a message to the remote account server to verify the remote account, and after verification succeeds the remote account server returns a token that serves as local authentication; all application programs in the operating system log in automatically by querying the token.
2. The Linux system login method according to claim 1, characterised in that the token is random and is updated regularly.
3. The single sign-on method for the Linux operating system according to claims 1-2, characterised in that the single sign-on method for the Linux operating system specifically comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by e-mail; after registration succeeds, the account management server saves the corresponding account and password;
Step 3) Bind the remote account: after registration succeeds, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication, and after verification passes, the account management server returns a token, which is saved locally; meanwhile, the binding module generates a hidden encrypted file locally that stores the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
Step 5) Update the token: after login to the operating system succeeds, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server's authentication passes, it returns a new token and the old token becomes invalid, so that the token is continuously updated and account security is protected;
Step 6) Automatic login: after login to the operating system succeeds, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
4. Step 4) according to claims 1-3, characterised in that in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a legal name, and a local account does not contain the @ symbol, and this is used to distinguish the two;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for the binding information and confirms whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token becomes invalid;
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token becomes invalid.
CN201611069555.7A 2016-11-28 2016-11-28 A single sign-on method for the Linux operating system Pending CN106789930A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611069555.7A CN106789930A (en) 2016-11-28 2016-11-28 A single sign-on method for the Linux operating system

Publications (1)

Publication Number Publication Date
CN106789930A true CN106789930A (en) 2017-05-31

Family

ID=58902447

Country Status (1)

Country Link
CN (1) CN106789930A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685202A (en) * 2011-03-03 2012-09-19 微软公司 Sharing user ID between operating system and application
CN102739708A (en) * 2011-04-07 2012-10-17 腾讯科技(深圳)有限公司 System and method for accessing third party application based on cloud platform
CN103023875A (en) * 2012-11-21 2013-04-03 北京荣之联科技股份有限公司 Account management system and method
CN104580074A (en) * 2013-10-14 2015-04-29 阿里巴巴集团控股有限公司 Logging method of client end application and corresponding server of logging method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
下载之家: "Win10系统绑定微软账户到本地电脑上的方法", 《HTTPS://WWW.XIAZAIZHIJIA.COM/RJJC/99798.HTML》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107920063A (en) * 2017-11-07 2018-04-17 杭州安恒信息技术有限公司 A kind of method of online updating tokenID
CN110278179A (en) * 2018-03-15 2019-09-24 阿里巴巴集团控股有限公司 Single-point logging method, device and system and electronic equipment
CN110278179B (en) * 2018-03-15 2021-08-10 阿里巴巴集团控股有限公司 Single sign-on method, device and system and electronic equipment
CN109525561A (en) * 2018-10-26 2019-03-26 深圳点猫科技有限公司 It is a kind of for educating the authorization login method and device of operating system
CN109525561B (en) * 2018-10-26 2021-08-20 深圳点猫科技有限公司 Authorized login method and device for education operating system
CN111614641A (en) * 2020-05-11 2020-09-01 北京电信易通信息技术股份有限公司 Cloud account management system and application method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531