Section: Maintenance Commands (8) Local index
- PAM module for Duo authentication
[ conf= Aq FILENAME
provides secondary authentication (typically after successful
password-based authentication) through the Duo authentication service.
Only one PAM module configuration option is supported:
Specify an alternate configuration file to load.
The INI-format configuration file must have a
section with the following options:
Duo integration key (required).
Duo secret key (required).
Skip Duo authentication for users not in a specific Unix group.
Skip Duo authentication for users below a specified user ID.
On service or configuration errors that prevent Duo authentication, fail
(allow access) or
(deny access). Default is
Override Duo API host for debugging.
An example configuration file:
Other authentication restrictions may be implemented using
Default configuration file path
was written by
An Duo Security Aq email@example.com
When used with OpenSSH's
only PAM-based authentication can be protected with this module;
pubkey authentication bypasses PAM entirely. OpenSSH's PAM
integration also does not honor an interactive
conversation, prohibiting real-time Duo status messages (such as
during voice callback).
This document was created by
using the manual pages.
Time: 08:00:59 GMT, June 15, 2011