Facial authentication with Howdy

PAM Integration

To enable Howdy, you need to manually edit the PAM configuration files in the /etc/pam.d/ directory. The data you store in these files determines where Howdy is used. Normally, this directory contains at least the files described in Table 3 – and often many more.

Table 3

PAM Files




Controls access to the file of the same name


Active for each login


Active for local login

Prefix user

Active for user management

Prefix group

Active for user management

Prefix ch

Active when editing file permissions and owners

To always authenticate using Howdy first, add the line from Listing 2 at the beginning of the appropriate files. Listing 2 says that the Python program pam.py from the howdy package is used for logging in and that successful authentication with it is okay (keyword: sufficient). If the check fails, PAM starts the next module mentioned in the file.

Listing 2

Howdy Integration

auth sufficient pam_python.so /lib/security/howdy/pam.py

Setup and Training

After the installation, the Howdy configuration involves two steps. After the first step, the system recognizes faces in the input data, but without differentiating them. Differentiating between people requires separate training in the second step.

In this training, the neural network used by OpenCV learns specific features that represent the user's face. Since Howdy does not just learn static images from the video stream, but short sequences, it is usually not a problem if you blink briefly or move your head a bit. In fact, such slight movements seem to improve recognition rates in real-world use. It takes several repetitions to anchor a solid base in the neural network.

After configuring the hardware and before training, a short test is recommended. Use the command from the first line of Listing 3 to start a special mode that displays the video stream in a new window. Initially, the goal is not to identify a specific face, but to recognize faces in a generic way. If successful, OpenCV marks the area with a red circle (Figure 2). In this way, you can test whether the lighting conditions are sufficient, the position fits the camera, and no disturbing reflections occur. Pressing the Enter key closes the window again and exits the program.

Listing 3

Test Mode

$ sudo howdy test
$ sudo howdy snapshot
Figure 2: OpenCV detects a face in a well-printed image.

Alternatively, you can try the snapshot subcommand, which Howdy uses to capture the images that you analyze afterwards (Listing 3, second line). This option is useful if the program does not recognize faces in test mode. Howdy saves the test images, which are always black and white, in the current directory.

Once everything is working, you're ready for the actual deployment. First capture the features of the faces of the users who are allowed to use the technology (Listing 4). Howdy requires root privileges for this task. The program is installed as /usr/bin/howdy, a symbolic link to /lib/security/howdy/cli.py, so it reads and writes the data to the /lib/security/howdy/ directory. To keep the rate of failure low, choose a setting for the recording that is as much as possible like the place you will use it.

Listing 4

Storing Facial Features

$ sudo howdy add
NOTICE: Each additional model slows down the face recognition engine slightly
Press Ctrl+C to cancel
Adding face model for the user Bob
Enter a label for this new model [Model #12] (max 24 characters):
Please look straight into the camera
Scan complete

Adding new profiles has a downside: The more profiles you feed into the neural network, the slower it reacts. This makes it important to find a good compromise between recognition rate and speed. It is best to load only a few profiles at first, maybe two or three. If errors occur during authentication, add another profile each time. In the test, the login worked in most cases with upward of 10 profiles, as long as the conditions between training and application did not differ too greatly – and this means both the exposure situation and the angle to the camera.

The list option tells Howdy to display the stored profiles (Listing 5, line 1). This list does not offer an evaluation of the profiles. It is not possible to see how well the software recognized a face or how big the match is for a profile. You specify the Label when saving the profile. If you don't specify it, the program creates these entries on its own, numbering them consecutively and prefixing each with the string Model #. Howdy also assigns the ID in the first column automatically. The ID allows Howdy to uniquely identify individual profiles, for example, in order to delete them (Listing 5, line 17).

Listing 5

Listing Profiles

01 $ sudo howdy list
02 Known face models for User:
03   ID  Date                 Label
04   0   2021-09-22 11:23:44  User
05   1   2021-09-22 11:23:55  User
06   2   2021-09-22 11:24:29  User
07   3   2021-09-22 11:26:47  User
08   4   2021-09-22 19:20:36  User
09   5   2021-09-22 19:20:48  User
10   6   2021-09-22 19:21:01  User
11   7   2021-09-27 09:57:20  User
12   8   2021-09-27 09:57:39  User
13   9   2021-10-12 09:17:44  Model #10
14   10  2021-10-12 09:19:08  Model #11
15   11  2021-10-12 11:59:37  Model #12
16   12  2021-10-12 13:22:28  User
17 $ sudo howdy remove 11

Disabling Warnings

OpenCV and GStreamer cooperate without any problems for the most part. However, OpenCV proves to be quite talkative in the default installation and starts outputting warnings in the shell (Listing 6). This is annoying and unnecessary, and it makes working with the software more difficult. One simple remedy is to prevent warnings from being output. To disable warnings, set an appropriate environment variable in the shell in which you start Howdy (OPENCV_LOG_LEVEL=ERROR).

Listing 6

OpenCV Warnings

[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (2056) handleMessage OpenCV |
      GStreamer warning: Embedded video playback halted; module source reported: Could not read from resource.
[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (1034) open OpenCV |
      GStreamer warning: unable to start pipeline
[ WARN:0] global /build/opencv/src/opencv-4.5.3/modules/videoio/src/cap_gstreamer.cpp (597) isPipelinePlaying OpenCV |
      GStreamer warning: GStreamer: pipeline have not been created

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More