Poster of Linux kernelThe best gift for a Linux geek
DUO

DUO

Section: C Library Functions (3)
Local index Up

BSD mandoc
 

NAME

duo - Duo authentication service  

SYNOPSIS

Fd #include <duo.h> Ft duo_t * Fn duo_open const char *ikey const char *skey const char *progname Ft void Fn duo_set_conv_funcs duo_t *d char *(*conv_prompt)(void *conv_arg, const char *prompt, char *buf, size_t bufsz) void (*conv_status)(void *conv_arg, const char *msg) void *conv_arg Ft void Fn duo_set_host duo_t *d const char *hostname Ft void Fn duo_set_ssl_verify duo_t *d int bool Ft duo_code_t Fn duo_login duo_t *d const char *username const char *client_ip int flags Ft const char * Fn duo_geterr duo_t *d Ft void Fn duo_close duo_t *d  

DESCRIPTION

The API provides access to the Duo two-factor authentication service.

Fn duo_open is used to obtain a handle to the Duo service. Fa ikey and Fa skey are the required integration and secret keys, respectively, for a Duo customer account. Fa progname identifies the program to the Duo service.

Fn duo_set_conv_funcs may be used to override the internal user conversation functions. Fa conv_prompt is called to present the user a login menu and Fa prompt , and gather their response, returning Fa buf or NULL on error. It may be set to NULL if automatic login is specified with DUO_FLAG_AUTO. Fa conv_status is called to display status messages to the user, and may be NULL if no status display is needed. Fa conv_arg is passed as the first argument to these conversation functions.

Fn duo_set_host may be used to override the default Duo API host.

Fn duo_set_ssl_verify may be used to override SSL certificate verification (enabled by default).

Fn duo_login performs secondary authentication via the Duo service for the specified Fa username Ns . Fa client_ip is the source IP address of the connection to be authenticated, and may be NULL if unknown. The following bitmask values are defined for Fa flags :

DUO_FLAG_AUTO
Attempt authentication without prompting the user, using their default out-of-band authentication factor.
DUO_FLAG_SYNC
Do not report incremental status during authentication (e.g. voice callback progress) - only issue one status message per authentication attempt.

Fn duo_geterr returns a description of the last-seen error on the specified Duo API handle. The returned constant string should not be modified or freed by the caller.

Fn duo_close closes and frees the specified Duo API handle.  

RETURN VALUES

Fn duo_open returns a pointer to the configured Duo API handle, or NULL on failure.

Fn duo_login returns status codes of type Ft duo_code_t , which may have the following values:

DUO_OK
User authenticated
DUO_FAIL
User failed to authenticate
DUO_ABORT
User denied by policy
DUO_LIB_ERROR
Unexpected library error
DUO_CONN_ERROR
Duo service unreachable
DUO_CLIENT_ERROR
Invalid client parameters to API call
DUO_SERVER_ERROR
Duo service error

In the event of a DUO_*_ERROR return, duo_geterr may be called to recover a human-readable error message.

Fn duo_geterr returns a constant string which should not be modified or freed by the caller.  

SEE ALSO

pam_duo8, login_duo1  

AUTHORS

Duo Security Aq duo_unix@duosecurity.com


 

Index

NAME
SYNOPSIS
DESCRIPTION
RETURN VALUES
SEE ALSO
AUTHORS

This document was created by man2html, using the manual pages.
Time: 07:55:44 GMT, June 15, 2011