mirror of
https://github.com/boltgolt/howdy.git
synced 2024-09-19 09:51:19 +02:00
46 lines
2.3 KiB
Markdown
46 lines
2.3 KiB
Markdown
# Howdy for Ubuntu
|
|
|
|
Windows Hello™ style authentication for Ubuntu. Use your build in IR emitters and camera in combination with face recognition to prove who you are.
|
|
|
|
### Installation
|
|
|
|
Fist we need to install pam-python, fswebcam and OpenCV from the Ubuntu repositories:
|
|
|
|
```
|
|
sudo apt install libpam-python fswebcam libopencv-dev python-opencv
|
|
```
|
|
|
|
After that, install the face_recognition python module. There's an excellent step by step guide on how to do this on [its github page](https://github.com/ageitgey/face_recognition#installation).
|
|
|
|
In the root of your cloned repo is a file called `config.ini`. The `device_id` variable in this file is important, make sure it is the IR camera and not your normal webcam.
|
|
|
|
Now it's time to let Howdy learn your face. The learn.py script will make 3 models of your face and store them as an encoded set in the `models` folder. To run the script, open a terminal, navigate to this repository and run:
|
|
|
|
```
|
|
python3 learn.py
|
|
```
|
|
|
|
The script should guide you through the process.
|
|
|
|
Finally we need to tell PAM that there's a new module installed. Open `/etc/pam.d/common-auth` as root (`sudo nano /etc/pam.d/common-auth`) and add the following line to the top of the file:
|
|
|
|
```
|
|
auth sufficient pam_python.so /path/to/pam.py
|
|
```
|
|
|
|
Replace the final argument with the full path to pam.py in this repository. The `sufficient` control tells PAM that Howdy is enough to authenticate the user, but if it fails we can fall back on more traditional methods.
|
|
|
|
If nothing went wrong we should be able to run sudo by just showing your face. Open a new terminal and run `sudo -i` to see it in action.
|
|
|
|
### Troubleshooting
|
|
|
|
Any errors in the script itself get logged directly into the console and should indicate what went wrong. If authentication still fails but no errors are printed you could take a look at the last lines in `/var/log/auth.log` to see if anything has been reported there.
|
|
|
|
|
|
### A note on security
|
|
|
|
This script is in no way as secure as a password and will never be. Although it's harder to fool than normal face recognition, a person who looks similar to you or well-printed photo of you could be enough to do it.
|
|
|
|
To minimize the chance of this script being compromised, it's recommend to store this repo in `/etc/pam.d` and to make it read only.
|
|
|
|
DO NOT USE THIS SCRIPT AS THE SOLE AUTHENTICATION METHOD FOR YOUR SYSTEM.
|