Facial authentication with Howdy
PAM Integration
To enable Howdy, you need to manually edit the PAM configuration files in the /etc/pam.d/
directory. The data you store in these files determines where Howdy is used. Normally, this directory contains at least the files described in Table 3 – and often many more.
Table 3
PAM Files
File | Function |
---|---|
sudo |
Controls access to the file of the same name |
system-login |
Active for each login |
system-local-login |
Active for local login |
Prefix user |
Active for user management |
Prefix group |
Active for user management |
Prefix ch |
Active when editing file permissions and owners |
To always authenticate using Howdy first, add the line from Listing 2 at the beginning of the appropriate files. Listing 2 says that the Python program pam.py
from the howdy package is used for logging in and that successful authentication with it is okay (keyword: sufficient
). If the check fails, PAM starts the next module mentioned in the file.
Listing 2
Howdy Integration
auth sufficient pam_python.so /lib/security/howdy/pam.py
Setup and Training
After the installation, the Howdy configuration involves two steps. After the first step, the system recognizes faces in the input data, but without differentiating them. Differentiating between people requires separate training in the second step.
In this training, the neural network used by OpenCV learns specific features that represent the user's face. Since Howdy does not just learn static images from the video stream, but short sequences, it is usually not a problem if you blink briefly or move your head a bit. In fact, such slight movements seem to improve recognition rates in real-world use. It takes several repetitions to anchor a solid base in the neural network.
After configuring the hardware and before training, a short test is recommended. Use the command from the first line of Listing 3 to start a special mode that displays the video stream in a new window. Initially, the goal is not to identify a specific face, but to recognize faces in a generic way. If successful, OpenCV marks the area with a red circle (Figure 2). In this way, you can test whether the lighting conditions are sufficient, the position fits the camera, and no disturbing reflections occur. Pressing the Enter key closes the window again and exits the program.
Listing 3
Test Mode
$ sudo howdy test $ sudo howdy snapshot
Alternatively, you can try the snapshot
subcommand, which Howdy uses to capture the images that you analyze afterwards (Listing 3, second line). This option is useful if the program does not recognize faces in test mode. Howdy saves the test images, which are always black and white, in the current directory.
Once everything is working, you're ready for the actual deployment. First capture the features of the faces of the users who are allowed to use the technology (Listing 4). Howdy requires root privileges for this task. The program is installed as /usr/bin/howdy
, a symbolic link to /lib/security/howdy/cli.py
, so it reads and writes the data to the /lib/security/howdy/
directory. To keep the rate of failure low, choose a setting for the recording that is as much as possible like the place you will use it.
Listing 4
Storing Facial Features
$ sudo howdy add NOTICE: Each additional model slows down the face recognition engine slightly Press Ctrl+C to cancel Adding face model for the user Bob Enter a label for this new model [Model #12] (max 24 characters): Bob Please look straight into the camera Scan complete
Adding new profiles has a downside: The more profiles you feed into the neural network, the slower it reacts. This makes it important to find a good compromise between recognition rate and speed. It is best to load only a few profiles at first, maybe two or three. If errors occur during authentication, add another profile each time. In the test, the login worked in most cases with upward of 10 profiles, as long as the conditions between training and application did not differ too greatly – and this means both the exposure situation and the angle to the camera.
The list
option tells Howdy to display the stored profiles (Listing 5, line 1). This list does not offer an evaluation of the profiles. It is not possible to see how well the software recognized a face or how big the match is for a profile. You specify the Label
when saving the profile. If you don't specify it, the program creates these entries on its own, numbering them consecutively and prefixing each with the string Model #
. Howdy also assigns the ID
in the first column automatically. The ID allows Howdy to uniquely identify individual profiles, for example, in order to delete them (Listing 5, line 17).
Listing 5
Listing Profiles
01 $ sudo howdy list 02 Known face models for User: 03 ID Date Label 04 0 2021-09-22 11:23:44 User 05 1 2021-09-22 11:23:55 User 06 2 2021-09-22 11:24:29 User 07 3 2021-09-22 11:26:47 User 08 4 2021-09-22 19:20:36 User 09 5 2021-09-22 19:20:48 User 10 6 2021-09-22 19:21:01 User 11 7 2021-09-27 09:57:20 User 12 8 2021-09-27 09:57:39 User 13 9 2021-10-12 09:17:44 Model #10 14 10 2021-10-12 09:19:08 Model #11 15 11 2021-10-12 11:59:37 Model #12 16 12 2021-10-12 13:22:28 User 17 $ sudo howdy remove 11
Disabling Warnings
OpenCV and GStreamer cooperate without any problems for the most part. However, OpenCV proves to be quite talkative in the default installation and starts outputting warnings in the shell (Listing 6). This is annoying and unnecessary, and it makes working with the software more difficult. One simple remedy is to prevent warnings from being output. To disable warnings, set an appropriate environment variable in the shell in which you start Howdy (OPENCV_LOG_LEVEL=ERROR
).
Listing 6
OpenCV Warnings
[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (2056) handleMessage OpenCV | GStreamer warning: Embedded video playback halted; module source reported: Could not read from resource. [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (1034) open OpenCV | GStreamer warning: unable to start pipeline [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (597) isPipelinePlaying OpenCV | GStreamer warning: GStreamer: pipeline have not been created
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.
-
System76 Unveils an Ampere-Powered Thelio Desktop
If you're looking for a new desktop system for developing autonomous driving and software-defined vehicle solutions. System76 has you covered.
-
VirtualBox 7.1.4 Includes Initial Support for Linux kernel 6.12
The latest version of VirtualBox has arrived and it not only adds initial support for kernel 6.12 but another feature that will make using the virtual machine tool much easier.
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.