10-12-2022 03:02 AM
Hi there, I noticed there was an update of duo_unix package for Linux. I went ahead and installed it not realising that it was pulling from EPEL and not the duosecurity repo I had originally installed from. Once it’s installed, it pretty much ceases to function. There are several issues but one of the most important being that pam_duo.so is missing from it. I reversed the upgrade, but it leave some questions.
Any idea how/why duo_unix has appeared in EPEL (with a later version than duosecurity has) and why it’s way smaller in size and doesn’t function?
Descriptions of install/available below:
Installed Packages ( This works fine)
Name : duo_unix
Version : 1.12.1
Release : 0.el8
Architecture : x86_64
Size : 984 k
Source : duo_unix-1.12.1-0.el8.src.rpm
Repository : @System
From repo : duosecurity
Summary : Duo two-factor authentication for Unix systems
URL : https://www.duosecurity.com
License : GPLv2
Description : Duo two-factor authentication for Unix systems
Available Packages (This doesn’t work)
Name : duo_unix
Version : 1.12.1
Release : 3.el8
Architecture : x86_64
Size : 68 k
Source : duo_unix-1.12.1-3.el8.src.rpm
Repository : epel
Summary : Duo two-factor authentication for UNIX systems
URL : http://www.duosecurity.com/
License : GPLv2
Description : Duo provides simple two-factor authentication as a service via:
:
: 1. Phone callback
: 2. SMS-delivered one-time passcode
: 3. Duo mobile app to generate one-time passcode
: 4. Duo mobile app for smartphone push authentication
: 5. Duo hardware token to generate one-time passcode
:
: This package allows an admin (or ordinary user) to quickly add Duo
: authentication to any UNIX login without setting up secondary user
: accounts, directory synchronization, servers, or hardware.
Solved! Go to Solution.
10-13-2022 09:58 AM
have not tested it myself, but it looks like a fix has been pushed out:
https://bugzilla.redhat.com/show_bug.cgi?id=2134160
The duo_unix package in EPEL now recommends pam_duo
10-12-2022 01:47 PM
We noticed this today as well.
It appears that the ‘duo_unix’ package from EPEL is missing the ‘pam_duo.so’ library and that is now optionally installed via the ‘pam_duo’ package from EPEL.
10-12-2022 04:21 PM
It also wasn’t on many of the mirrors. Which made a potential supply chain attack a possibility. Fortunately that meant that not many of our hosts pulled it.
10-13-2022 07:49 AM
Also ran into this. For a workaround, I have added exclude=duo_unix
to the epel repo config file.
10-13-2022 09:58 AM
have not tested it myself, but it looks like a fix has been pushed out:
https://bugzilla.redhat.com/show_bug.cgi?id=2134160
The duo_unix package in EPEL now recommends pam_duo
01-14-2023 07:54 AM
Looks like it is still broken – at least in Oracle 8 EPEL.
About two days ago, I upgraded my “backup” jump server running Oracle Linux 8.7 and duo stopped working. I finally tracked it down to the duo_unix package in oracle-EPEL respository for OL8.
The duosecurity repo contains:
Name : duo_unix
Version : 1.12.0
Release : 0.el8
Architecture : x86_64
Size : 960 k
Source : duo_unix-1.12.0-0.el8.src.rpm
Repository : @System
From repo : duosecurity
Summary : Duo two-factor authentication for Unix systems
URL : https://www.duosecurity.com
License : GPLv2
The Oracle Linux EPEL repository contains:
Name : duo_unix
Version : 1.12.1
Release : 5.el8
Architecture : x86_64
Size : 70 k
Source : duo_unix-1.12.1-5.el8.src.rpm
Repository : ol8_developer_EPEL
Summary : Duo two-factor authentication for UNIX systems
URL : http://www.duosecurity.com/
License : GPLv2
The package in the Oracle repo is still broken so, if you are running Duo on Oracle 8, you might want to disable ol8_developer_EPEL or exclude the duo_unix package during an upgrade.
01-23-2023 11:43 AM
Please note the EPEL package was not created by and is not maintained by Duo. The only packages we maintain are the ones made available from pkg.duosecurity.com, as noted here.
01-24-2023 01:55 AM
Hi @DuoKristina Thanks for your response. I believe this is understood by the end users (us), but it doesn’t negate the fact that a lot (most?) users of a RHEL derivative utilise EPEL and it caught a lot of us out due to the priority of EPEL and missing the fact it was pulling duo_* related files from a different repo than usual.
01-24-2023 06:03 AM
@cantlep Totally understood. I was just hoping to help shape expectations for what assistance one could expect from Duo when posting here. Like anyone else on this thread, we can only submit an issue to the maintainers of the EPEL packages.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide