Facial authentication with Howdy
PAM Integration
To enable Howdy, you need to manually edit the PAM configuration files in the /etc/pam.d/
directory. The data you store in these files determines where Howdy is used. Normally, this directory contains at least the files described in Table 3 – and often many more.
Table 3
PAM Files
File | Function |
---|---|
sudo |
Controls access to the file of the same name |
system-login |
Active for each login |
system-local-login |
Active for local login |
Prefix user |
Active for user management |
Prefix group |
Active for user management |
Prefix ch |
Active when editing file permissions and owners |
To always authenticate using Howdy first, add the line from Listing 2 at the beginning of the appropriate files. Listing 2 says that the Python program pam.py
from the howdy package is used for logging in and that successful authentication with it is okay (keyword: sufficient
). If the check fails, PAM starts the next module mentioned in the file.
Listing 2
Howdy Integration
auth sufficient pam_python.so /lib/security/howdy/pam.py
Setup and Training
After the installation, the Howdy configuration involves two steps. After the first step, the system recognizes faces in the input data, but without differentiating them. Differentiating between people requires separate training in the second step.
In this training, the neural network used by OpenCV learns specific features that represent the user's face. Since Howdy does not just learn static images from the video stream, but short sequences, it is usually not a problem if you blink briefly or move your head a bit. In fact, such slight movements seem to improve recognition rates in real-world use. It takes several repetitions to anchor a solid base in the neural network.
After configuring the hardware and before training, a short test is recommended. Use the command from the first line of Listing 3 to start a special mode that displays the video stream in a new window. Initially, the goal is not to identify a specific face, but to recognize faces in a generic way. If successful, OpenCV marks the area with a red circle (Figure 2). In this way, you can test whether the lighting conditions are sufficient, the position fits the camera, and no disturbing reflections occur. Pressing the Enter key closes the window again and exits the program.
Listing 3
Test Mode
$ sudo howdy test $ sudo howdy snapshot
Alternatively, you can try the snapshot
subcommand, which Howdy uses to capture the images that you analyze afterwards (Listing 3, second line). This option is useful if the program does not recognize faces in test mode. Howdy saves the test images, which are always black and white, in the current directory.
Once everything is working, you're ready for the actual deployment. First capture the features of the faces of the users who are allowed to use the technology (Listing 4). Howdy requires root privileges for this task. The program is installed as /usr/bin/howdy
, a symbolic link to /lib/security/howdy/cli.py
, so it reads and writes the data to the /lib/security/howdy/
directory. To keep the rate of failure low, choose a setting for the recording that is as much as possible like the place you will use it.
Listing 4
Storing Facial Features
$ sudo howdy add NOTICE: Each additional model slows down the face recognition engine slightly Press Ctrl+C to cancel Adding face model for the user Bob Enter a label for this new model [Model #12] (max 24 characters): Bob Please look straight into the camera Scan complete
Adding new profiles has a downside: The more profiles you feed into the neural network, the slower it reacts. This makes it important to find a good compromise between recognition rate and speed. It is best to load only a few profiles at first, maybe two or three. If errors occur during authentication, add another profile each time. In the test, the login worked in most cases with upward of 10 profiles, as long as the conditions between training and application did not differ too greatly – and this means both the exposure situation and the angle to the camera.
The list
option tells Howdy to display the stored profiles (Listing 5, line 1). This list does not offer an evaluation of the profiles. It is not possible to see how well the software recognized a face or how big the match is for a profile. You specify the Label
when saving the profile. If you don't specify it, the program creates these entries on its own, numbering them consecutively and prefixing each with the string Model #
. Howdy also assigns the ID
in the first column automatically. The ID allows Howdy to uniquely identify individual profiles, for example, in order to delete them (Listing 5, line 17).
Listing 5
Listing Profiles
01 $ sudo howdy list 02 Known face models for User: 03 ID Date Label 04 0 2021-09-22 11:23:44 User 05 1 2021-09-22 11:23:55 User 06 2 2021-09-22 11:24:29 User 07 3 2021-09-22 11:26:47 User 08 4 2021-09-22 19:20:36 User 09 5 2021-09-22 19:20:48 User 10 6 2021-09-22 19:21:01 User 11 7 2021-09-27 09:57:20 User 12 8 2021-09-27 09:57:39 User 13 9 2021-10-12 09:17:44 Model #10 14 10 2021-10-12 09:19:08 Model #11 15 11 2021-10-12 11:59:37 Model #12 16 12 2021-10-12 13:22:28 User 17 $ sudo howdy remove 11
Disabling Warnings
OpenCV and GStreamer cooperate without any problems for the most part. However, OpenCV proves to be quite talkative in the default installation and starts outputting warnings in the shell (Listing 6). This is annoying and unnecessary, and it makes working with the software more difficult. One simple remedy is to prevent warnings from being output. To disable warnings, set an appropriate environment variable in the shell in which you start Howdy (OPENCV_LOG_LEVEL=ERROR
).
Listing 6
OpenCV Warnings
[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (2056) handleMessage OpenCV | GStreamer warning: Embedded video playback halted; module source reported: Could not read from resource. [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (1034) open OpenCV | GStreamer warning: unable to start pipeline [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (597) isPipelinePlaying OpenCV | GStreamer warning: GStreamer: pipeline have not been created
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.