CN106789930A - A single sign-on method for a Linux operating system
- Publication number
- CN106789930A
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
Abstract
The present invention relates to a single sign-on method for a Linux operating system. Remote accounts are managed by an account management server. The operating system sends a message to the remote account server to verify the remote account; after successful verification, the remote account server returns a token, which is used for local authentication, and all applications in the operating system log in automatically by querying this token. The method provided by the invention achieves single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical applications well.
Description
Technical field
The invention belongs to the technical field of computer operating systems, and in particular relates to a single sign-on method for a Linux operating system.
Background
With the development and widespread use of Internet technology, more and more application software and websites require an account and password and provide service only after verification. An operating system hosts numerous applications and can log in to many websites, so users generally have to register multiple accounts, remember multiple passwords, and log in frequently to obtain the services that the software and websites provide. To solve this problem, many Internet companies have introduced the concept of a cloud account, in which one account logs in to multiple platforms to achieve single sign-on, such as the Microsoft cloud account of Windows; some mobile phone manufacturers also provide cloud accounts. At present, the Linux operating system can only be logged in to with a local user of the system and cannot be logged in to with a remote account. Across different systems, the same application software and website have different accounts. Users need to register repeatedly, frequently enter accounts and passwords to log in, and remember many sets of accounts and passwords. Every time an account and password are verified, they are sent to the server over the Internet; account information is transmitted frequently over the Internet, which is detrimental to account security.
Summary of the invention
In view of the above problems in the prior art, the object of the invention is to provide a single sign-on method for a Linux operating system that avoids the above technical deficiencies.
To achieve this object, the invention provides the following technical solution:
A single sign-on method for a Linux operating system: remote accounts are managed by an account management server; the operating system sends a message to the remote account server to verify the remote account; after successful verification, the remote account server returns a token, which is used for local authentication; all applications in the operating system log in automatically by querying this token.
Further, the token is random and is updated periodically.
Further, the single sign-on method for the Linux operating system specifically comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by email; after successful registration, the account management server stores the corresponding account and password;
Step 3) Bind the remote account: after successful registration, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; once verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally to store the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
Step 5) Update the token: after a successful operating system login, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server verifies it, a new token is returned and the old token is invalidated, so that the token is continuously updated and the account is kept secure;
Step 6) Automatic login: after a successful operating system login, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
Further, in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token is invalidated;
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token is invalidated.
The single sign-on method provided by the invention achieves single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical applications well.
Brief description of the drawings
Fig. 1 is a schematic diagram of the principle of the invention;
Fig. 2 is a flow chart of the specific steps of the invention.
Detailed description
To make the object, technical solution and advantages of the invention clearer, the invention is further described below with reference to the drawings and specific embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
As shown in Fig. 1, in a single sign-on method for a Linux operating system, remote accounts are managed by an account management server; the operating system sends a message to the remote account server to verify the remote account; after successful verification, the remote account server returns a token, which is used for local authentication; all applications in the operating system log in automatically by querying this token.
Specifically, as shown in Fig. 2, the single sign-on method for the Linux operating system comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by email; after successful registration, the account management server stores the corresponding account and password;
Step 3) Bind the remote account: after successful registration, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; once verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally to store the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
When the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token is invalidated;
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token is invalidated;
Step 5) Update the token: after a successful operating system login, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server verifies it, a new token is returned and the old token is invalidated, so that the token is continuously updated and the account is kept secure;
Step 6) Automatic login: after a successful operating system login, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
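An added example, not part of the patent text: a Python model of steps 3 to 6, restricted to the local-account branch of step 4, showing that a login rotates the bound token and that the superseded token no longer validates. The class and function names, the in-memory dictionaries (standing in for the server database and the hidden encrypted file), the PBKDF2 password records and the sample accounts are assumptions.

```python
import hashlib
import hmac
import secrets


def make_record(password, salt=None):  # salted PBKDF2 record (scheme assumed)
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_record(record, password):
    salt, stored = record or (b"\0" * 16, b"")
    return hmac.compare_digest(stored, make_record(password, salt)[1])


class AccountServer:  # hypothetical stand-in for the account management server
    def __init__(self):
        self.accounts, self._tokens = {}, {}  # password records, valid tokens

    def _issue(self, account):
        self._tokens[account] = secrets.token_urlsafe(32)  # random token
        return self._tokens[account]

    def authenticate(self, account, password):  # step 3, server side
        ok = check_record(self.accounts.get(account), password)
        return self._issue(account) if ok else None

    def is_valid(self, account, token):
        current = self._tokens.get(account, "")
        return bool(current) and hmac.compare_digest(current.encode(), token.encode())

    def rotate(self, account, token):  # steps 4-5: new token, old one fails
        return self._issue(account) if self.is_valid(account, token) else None


class Host:  # hypothetical stand-in for the PAM, binding and background modules
    def __init__(self, server):
        self.server, self.users = server, {}  # users: local password records
        self.bindings = {}  # local user -> [remote account, token]

    def bind(self, user, remote, password):  # step 3
        token = self.server.authenticate(remote, password)
        if token is not None:
            self.bindings[user] = [remote, token]
        return token is not None

    def refresh(self, user):  # step 5, also triggered by a local login
        remote, token = self.bindings.get(user, (None, ""))
        new = self.server.rotate(remote, token)
        if new is not None:
            self.bindings[user] = [remote, new]
        return new is not None

    def local_login(self, name, password):  # step 4, local-account branch
        if "@" in name:  # remote names are assumed to be the ones with '@'
            raise ValueError("remote-account branch is not modelled here")
        if not check_record(self.users.get(name), password):
            return False
        self.refresh(name)  # rotate the bound token, if there is one
        return True

    def auto_login_account(self, user):  # step 6: applications query the token
        remote, token = self.bindings.get(user, (None, ""))
        return remote if self.server.is_valid(remote, token) else None


def demo():  # constructed sample accounts and passwords
    host = Host(AccountServer())
    host.users["alice"] = make_record("local-pw")
    host.server.accounts["alice@example.com"] = make_record("remote-pw")
    host.bind("alice", "alice@example.com", "remote-pw")
    first = host.bindings["alice"][1]
    host.local_login("alice", "local-pw")  # login rotates the token
    return host.server.is_valid("alice@example.com", first), host.auto_login_account("alice")
```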
The single sign-on method provided by the invention achieves single sign-on for the Linux operating system: a local account is bound to a remote account, the remote account can be used to log in to the system, and after login the related application software in the system automatically logs in with that account and performs related operations such as synchronization and updating. This removes the trouble of logging in multiple times, while the local token verification mode strengthens account security, so the method meets the needs of practical applications well.
The embodiments described above only express implementations of the invention. Their description is relatively specific and detailed, but it must not therefore be understood as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the invention. The scope of protection of this patent is therefore determined by the appended claims.
Claims (4)
1. A single sign-on method for a Linux operating system, characterized in that remote accounts are managed by an account management server; the operating system sends a message to the remote account server to verify the remote account; after successful verification, the remote account server returns a token, which is used for local authentication; and all applications in the operating system log in automatically by querying this token.
2. The Linux system login method according to claim 1, characterized in that the token is random and is updated periodically.
3. The single sign-on method for a Linux operating system according to claims 1-2, characterized in that the method specifically comprises the following steps:
Step 1) Log in to the Linux operating system with a local account;
Step 2) Register a remote account: after logging in to the system, open the account registration system in a browser and register a remote account by email; after successful registration, the account management server stores the corresponding account and password;
Step 3) Bind the remote account: after successful registration, start the binding module of the operating system and enter the remote account and password; the binding module sends them to the account management server for authentication; once verification passes, the account management server returns a token, which is saved locally; at the same time, the binding module generates a hidden encrypted file locally to store the account binding information;
Step 4) Log in to the system: when the user logs in to the operating system and enters a username and password, the PAM authentication module performs local verification;
Step 5) Update the token: after a successful operating system login, the background authentication module of the operating system periodically and automatically sends verification information to the account management server; after the account management server verifies it, a new token is returned and the old token is invalidated, so that the token is continuously updated and the account is kept secure;
Step 6) Automatic login: after a successful operating system login, application software and websites obtain the bound remote account by accessing the binding module and verify whether the remote account is valid by querying the token; if verification succeeds, the application software or website logs in automatically with the remote account.
4. Step 4) according to claims 1-3, characterized in that, in step 4), when the PAM authentication module obtains the account and password, it first determines whether the user entered a local account or a remote account; a remote account is a valid name, whereas a local account does not contain the @ symbol, and this is used to tell them apart;
When the user enters a local account, the PAM authentication module looks up and verifies the local account and password. If login succeeds, the binding module is started; it queries the local hidden encrypted file for binding information to confirm whether the local account is bound to a remote account. If a remote account is bound, the background authentication module is started and sends the bound remote account and the existing token to the account management server for verification; if authentication passes, the account management server returns a new token and the old token is invalidated.
When the user enters a remote account, the PAM authentication module checks whether the remote account and the existing token correspond. If verification passes, the remote account login succeeds and the background authentication module is started; the background authentication module sends the remote account and the existing token to the account management server, and if verification passes, the account management server returns a new token and the old token is invalidated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611069555.7A CN106789930A (en) | 2016-11-28 | 2016-11-28 | A single sign-on method for a Linux operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106789930A (en) | 2017-05-31 |
Family
ID=58902447
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611069555.7A Pending CN106789930A (en) | A single sign-on method for a Linux operating system | 2016-11-28 | 2016-11-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106789930A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102685202A (en) * | 2011-03-03 | 2012-09-19 | 微软公司 | Sharing user ID between operating system and application |
CN102739708A (en) * | 2011-04-07 | 2012-10-17 | 腾讯科技(深圳)有限公司 | System and method for accessing third party application based on cloud platform |
CN103023875A (en) * | 2012-11-21 | 2013-04-03 | 北京荣之联科技股份有限公司 | Account management system and method |
CN104580074A (en) * | 2013-10-14 | 2015-04-29 | 阿里巴巴集团控股有限公司 | Logging method of client end application and corresponding server of logging method |
Non-Patent Citations (1)
Title |
---|
下载之家: "Method for binding a Microsoft account to a local computer on a Win10 system", 《HTTPS://WWW.XIAZAIZHIJIA.COM/RJJC/99798.HTML》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107920063A (en) * | 2017-11-07 | 2018-04-17 | 杭州安恒信息技术有限公司 | A kind of method of online updating tokenID |
CN110278179A (en) * | 2018-03-15 | 2019-09-24 | 阿里巴巴集团控股有限公司 | Single-point logging method, device and system and electronic equipment |
CN110278179B (en) * | 2018-03-15 | 2021-08-10 | 阿里巴巴集团控股有限公司 | Single sign-on method, device and system and electronic equipment |
CN109525561A (en) * | 2018-10-26 | 2019-03-26 | 深圳点猫科技有限公司 | It is a kind of for educating the authorization login method and device of operating system |
CN109525561B (en) * | 2018-10-26 | 2021-08-20 | 深圳点猫科技有限公司 | Authorized login method and device for education operating system |
CN111614641A (en) * | 2020-05-11 | 2020-09-01 | 北京电信易通信息技术股份有限公司 | Cloud account management system and application method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112597472B (en) | Single sign-on method, device and storage medium | |
CN103248699B (en) | Multi-account processing method of single sign on (SSO) information system | |
US9338155B2 (en) | Security device provisioning | |
CN104468553B (en) | A kind of method, apparatus and system that public account logs in | |
CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
CN104301316A (en) | Single sign-on system and implementation method thereof | |
CN104378376A (en) | SOA-based single-point login method, authentication server and browser | |
CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
CN101193027A (en) | A single-point login system and method for integrated isomerous system | |
CN105337949A (en) | SSO (Single Sign On) authentication method, web server, authentication center and token check center | |
CN111062023B (en) | Method and device for realizing single sign-on of multi-application system | |
WO2014048749A1 (en) | Inter-domain single sign-on | |
CN108259502A (en) | For obtaining the identification method of interface access rights, server-side and storage medium | |
CN106789930A (en) | A single sign-on method for a Linux operating system | |
CN104506499A (en) | Single sign-on method and device for application systems | |
CN105323253A (en) | Identity verification method and device | |
CN105162775A (en) | Logging method and device of virtual machine | |
CN106161710B (en) | A kind of user account safety management system based on smart phone | |
CN105022939B (en) | Information Authentication method and device | |
CN105812350A (en) | Cross-platform single-point registration system | |
CN112118269A (en) | Identity authentication method, system, computing equipment and readable storage medium | |
CN110324344A (en) | The method and device of account information certification | |
CN115037557B (en) | Temporary identity authentication method and device for user access application | |
CN110175439A (en) | User management method, device, equipment and computer readable storage medium | |
CN102571874A (en) | On-line audit method and device in distributed system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170531 |