Facial authentication with Howdy
PAM Integration
To enable Howdy, you need to manually edit the PAM configuration files in the /etc/pam.d/
directory. The data you store in these files determines where Howdy is used. Normally, this directory contains at least the files described in Table 3 – and often many more.
Table 3
PAM Files
File | Function |
---|---|
sudo |
Controls access to the file of the same name |
system-login |
Active for each login |
system-local-login |
Active for local login |
Prefix user |
Active for user management |
Prefix group |
Active for user management |
Prefix ch |
Active when editing file permissions and owners |
To always authenticate using Howdy first, add the line from Listing 2 at the beginning of the appropriate files. Listing 2 says that the Python program pam.py
from the howdy package is used for logging in and that successful authentication with it is okay (keyword: sufficient
). If the check fails, PAM starts the next module mentioned in the file.
Listing 2
Howdy Integration
auth sufficient pam_python.so /lib/security/howdy/pam.py
Setup and Training
After the installation, the Howdy configuration involves two steps. After the first step, the system recognizes faces in the input data, but without differentiating them. Differentiating between people requires separate training in the second step.
In this training, the neural network used by OpenCV learns specific features that represent the user's face. Since Howdy does not just learn static images from the video stream, but short sequences, it is usually not a problem if you blink briefly or move your head a bit. In fact, such slight movements seem to improve recognition rates in real-world use. It takes several repetitions to anchor a solid base in the neural network.
After configuring the hardware and before training, a short test is recommended. Use the command from the first line of Listing 3 to start a special mode that displays the video stream in a new window. Initially, the goal is not to identify a specific face, but to recognize faces in a generic way. If successful, OpenCV marks the area with a red circle (Figure 2). In this way, you can test whether the lighting conditions are sufficient, the position fits the camera, and no disturbing reflections occur. Pressing the Enter key closes the window again and exits the program.
Listing 3
Test Mode
$ sudo howdy test $ sudo howdy snapshot
Alternatively, you can try the snapshot
subcommand, which Howdy uses to capture the images that you analyze afterwards (Listing 3, second line). This option is useful if the program does not recognize faces in test mode. Howdy saves the test images, which are always black and white, in the current directory.
Once everything is working, you're ready for the actual deployment. First capture the features of the faces of the users who are allowed to use the technology (Listing 4). Howdy requires root privileges for this task. The program is installed as /usr/bin/howdy
, a symbolic link to /lib/security/howdy/cli.py
, so it reads and writes the data to the /lib/security/howdy/
directory. To keep the rate of failure low, choose a setting for the recording that is as much as possible like the place you will use it.
Listing 4
Storing Facial Features
$ sudo howdy add NOTICE: Each additional model slows down the face recognition engine slightly Press Ctrl+C to cancel Adding face model for the user Bob Enter a label for this new model [Model #12] (max 24 characters): Bob Please look straight into the camera Scan complete
Adding new profiles has a downside: The more profiles you feed into the neural network, the slower it reacts. This makes it important to find a good compromise between recognition rate and speed. It is best to load only a few profiles at first, maybe two or three. If errors occur during authentication, add another profile each time. In the test, the login worked in most cases with upward of 10 profiles, as long as the conditions between training and application did not differ too greatly – and this means both the exposure situation and the angle to the camera.
The list
option tells Howdy to display the stored profiles (Listing 5, line 1). This list does not offer an evaluation of the profiles. It is not possible to see how well the software recognized a face or how big the match is for a profile. You specify the Label
when saving the profile. If you don't specify it, the program creates these entries on its own, numbering them consecutively and prefixing each with the string Model #
. Howdy also assigns the ID
in the first column automatically. The ID allows Howdy to uniquely identify individual profiles, for example, in order to delete them (Listing 5, line 17).
Listing 5
Listing Profiles
01 $ sudo howdy list 02 Known face models for User: 03 ID Date Label 04 0 2021-09-22 11:23:44 User 05 1 2021-09-22 11:23:55 User 06 2 2021-09-22 11:24:29 User 07 3 2021-09-22 11:26:47 User 08 4 2021-09-22 19:20:36 User 09 5 2021-09-22 19:20:48 User 10 6 2021-09-22 19:21:01 User 11 7 2021-09-27 09:57:20 User 12 8 2021-09-27 09:57:39 User 13 9 2021-10-12 09:17:44 Model #10 14 10 2021-10-12 09:19:08 Model #11 15 11 2021-10-12 11:59:37 Model #12 16 12 2021-10-12 13:22:28 User 17 $ sudo howdy remove 11
Disabling Warnings
OpenCV and GStreamer cooperate without any problems for the most part. However, OpenCV proves to be quite talkative in the default installation and starts outputting warnings in the shell (Listing 6). This is annoying and unnecessary, and it makes working with the software more difficult. One simple remedy is to prevent warnings from being output. To disable warnings, set an appropriate environment variable in the shell in which you start Howdy (OPENCV_LOG_LEVEL=ERROR
).
Listing 6
OpenCV Warnings
[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (2056) handleMessage OpenCV | GStreamer warning: Embedded video playback halted; module source reported: Could not read from resource. [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (1034) open OpenCV | GStreamer warning: unable to start pipeline [ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (597) isPipelinePlaying OpenCV | GStreamer warning: GStreamer: pipeline have not been created
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Kernel 6.13 Offers Improvements for AMD/Apple Users
The latest Linux kernel is now available, and it includes plenty of improvements, especially for those who use AMD or Apple-based systems.
-
Gnome 48 Debuts New Audio Player
To date, the audio player found within the Gnome desktop has been meh at best, but with the upcoming release that all changes.
-
Plasma 6.3 Ready for Public Beta Testing
Plasma 6.3 will ship with KDE Gear 24.12.1 and KDE Frameworks 6.10, along with some new and exciting features.
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.
-
Firefox 134 Offers Improvements for Linux Version
Fans of Linux and Firefox rejoice, as there's a new version available that includes some handy updates.
-
Serpent OS Arrives with a New Alpha Release
After months of silence, Ikey Doherty has released a new alpha for his Serpent OS.
-
HashiCorp Cofounder Unveils Ghostty, a Linux Terminal App
Ghostty is a new Linux terminal app that's fast, feature-rich, and offers a platform-native GUI while remaining cross-platform.
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.