Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Thanks to Ryan@Duo for talking through some of this via chat… I was able to figure it out, also reading the approach outlined here https://github.com/duosecurity/duo_unix/issues/39 (though that approach never worked for me). I cannot swear that thi...
Sorry, this was originally done on Red hat 6 and then 7, I’m not sure what’s changed on 8 but certainly something is possible. Unfortunately we are not using duo anymore so I have no guidance…
I’m not the best one to answer, but here goes. It depends. We were not currently using a radius server, so we just used the duo auth proxy to ‘look’ like one, and it can do both the AD verification and 2FA of course. It is limited to what it can d...
Pretty sure you should be fine, as long as the two application on your host can differentiate between which port to use when. The “overlapping” IP ranges quote - assuming here, but with a high confidence-factor - is if you are using the same port. ...
Do you have more than 1 egress point for your internet connection (firewall)? If so - lock*.duo.com to just one circuit. We have multiple, and would see that message after authentication and getting redirected to our admin portal… duo saw us on a d...
use ‘groups’ in /etc/duo/pam_duo.conf… e.g. “groups=*,!root”
Duo Security
Duo Unix - 2FA for SSH with PAM Support (pam_duo)
Duo SSH - Duo can be easily added to any Unix system to protect remote (SSH) or local logins wi...
