Poster of Linux kernelThe best gift for a Linux geek
PAM_DUO

PAM_DUO

Section: Maintenance Commands (8)
Local index Up

BSD mandoc
 

NAME

pam_duo - PAM module for Duo authentication  

SYNOPSIS

pam_duo.so [conf= Aq FILENAME ]  

DESCRIPTION

provides secondary authentication (typically after successful password-based authentication) through the Duo authentication service.  

OPTIONS

Only one PAM module configuration option is supported:

conf
Specify an alternate configuration file to load.

 

CONFIGURATION

The INI-format configuration file must have a ``duo '' section with the following options:

ikey
Duo integration key (required).
skey
Duo secret key (required).
group
Skip Duo authentication for users not in a specific Unix group.
minuid
Skip Duo authentication for users below a specified user ID.
failmode
On service or configuration errors that prevent Duo authentication, fail ``safe '' (allow access) or ``secure '' (deny access). Default is ``safe ''
host
Override Duo API host for debugging.

An example configuration file:

[duo]
ikey=SI9F...53RI
skey=4MjR...Q2NmRiM2Q1Y
minuid=500

Other authentication restrictions may be implemented using pam_listfile8, pam_access8, etc.  

FILES

/etc/duo/pam_duo.conf
Default configuration file path

 

AUTHORS

was written by An Duo Security Aq duo_unix@duosecurity.com  

NOTES

When used with OpenSSH's sshd(8), only PAM-based authentication can be protected with this module; pubkey authentication bypasses PAM entirely. OpenSSH's PAM integration also does not honor an interactive pam_conv3 conversation, prohibiting real-time Duo status messages (such as during voice callback).


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
CONFIGURATION
FILES
AUTHORS
NOTES

This document was created by man2html, using the manual pages.
Time: 08:00:59 GMT, June 15, 2011