Issues rolling out to debian 10

ters · ‎06-22-2019

Hey Guys / Gals,

Having a few issues have rolled out duo to a Linux host (Debian 10) having issues so i run as per

Have skipped the Public Key / PAM configuration section as i won’t be using public key auth.

Have tested the auth and it works fine as per

sudo login_duo -f myusername 'echo "Hello World"'

and that works fine but when i change the 

/etc/pam.d/common-auth

from 
auth  [success=1 default=ignore] pam_unix.so nullok_secure
auth  requisite pam_deny.so
auth  required pam_permit.so

to 
#auth  [success=1 default=ignore] pam_unix.so nullok_secure
auth  requisite pam_unix.so nullok_secure
auth  [success=1 default=ignore] pam_duo.so
auth  requisite pam_deny.so
auth  required pam_permit.so

Open a new terminal putty session and try and login i get the revolving asking for password and not actually accepting the session or asking for 2factor. Rolling back the changes in /etc/pam.d/common-auth allows authentication again.

Any ideas?

KayleeJ · ‎04-22-2021

I know this is old but we are having the exact same issue. Deb9 works fine with our config but Deb10 does not and shows the same behavior the OP reports. Any ideas?

DuoKristina · ‎04-23-2021

Where is your pam_duo.so file located?

Remember that you may need to specify the full path to pam_duo.so in the PAM config file, such as /lib64/security/pam_duo.so if the module is not in the default location /lib/security .

Duo, not DUO.

KayleeJ · ‎04-26-2021

My /etc/pam.d/common-auth file is as follows:

auth required pam_env.so
auth [success=1 default=ignore] pam_localuser.so
auth [success=1 default=ignore] pam_sss.so
auth requisite pam_unix.so
auth [success=1 default=ignore] /lib64/security/pam_duo.so

auth    [success=1 default=ignore]      pam_sss.so use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional                        pam_cap.so