duo_unix

duo_unix copied to clipboard

Wrong path for duo configuration file in duo_unix-2.0.3

3

After building duo_unix-2.0.3 from source, I find that the duo configuration file is not being used. Probing further into the logs, i see the following error `Couldn't open /etc/pam_duo.conf: No...

demiph

local logins don't work

3

The PAM module fails with `login[PID]: Error in Duo login for 'username' from` error. This is due to the PAM module assuming PAM_RHOST is set, which is not the case...

nferch

PAM_SUCCESS returned for non-duo users instead of PAM_IGNORE

8

## Summary The pam_duo module returns PAM_SUCCESS when encountering a user that is not part of the configured groups. I believe it would be better to return PAM_IGNORE instead in...

st0rmi

## Description Successfully compiled Duo UNIX source code on AIX using gcc-10 and gcc-11, but pam_duo module errors out when attempting to authenticate. AIX 7.1 & AIX 7.2 ## Actual...

athomasLRS

SELINUX: Add squid_port_t to the policy tunables

1

As Squid is a popular Forward Proxy platform, and security binaries should be compiled by trusted partners, add use of squid_port_t to the supplied SELINUX policy object. Satisfies Issue #162...

dnorthup-ums

8.8.8.8 DNS Server is hardcoded

1

## Description In https://github.com/duosecurity/duo_unix/blob/master/lib/util.c#L272 we have the Google DNS server hard-coded `sin.sin_addr.s_addr = inet_addr("8.8.8.8"); /* XXX Google's DNS Server */` Which could be a problem if that's blocked for whatever...

AaronAtDuo

## Summary The FreeBSD port for duo fixes the paths mentioned in the beforementioned manpages respect --prefix as part of the port patching process: https://github.com/freebsd/freebsd-ports/blob/809d194919cb0df3def5550e280bc520996917ba/security/duo/Makefile#L27-L30 These paths should be automatically...

ngie-eign

It would be great to have a default choice when choosing the second factor. This would permit to just press enter instead of having to type a number. When you...

menardorama

Feature request: default PAM / authselect profiles

5

Out of the box, the CentOS / RedHat (and I assume Debian, etc) packages do not configure PAM for 2fa. Instead, the [documentation](https://duo.com/docs/duounix#pam-configuration) instructs the user to, > modify your...

breakwaterlabs

Feature request: behavior in situation of missing conf file and not member of groups directive

4

Hi, Can I suggest some change on behavior of login_duo and pam_duo? ## Summary 1. Both login_duo and pam_duo will proceed ahead if the specified conf file doesn't exist. Can...

haoshu