local logins don't work
The PAM module fails with login[PID]: Error in Duo login for 'username' from error.
This is due to the PAM module assuming PAM_RHOST is set, which is not the case for a console login spawned by getty.
There does not appear to be a convenient way to set this with systemd, agetty, /bin/login or PAM, so perhaps the PAM module could be changed to emit populate this field if it isn't already set?
Thank you for bringing this up and sorry for the late response. I wanted to let you know that we are tracking this.
@nferch Can you clarify what you are asking for in your last sentence? I'm not sure I understand.
whoops, an extra word got in there somehow.
I think I was suggesting that the PAM module shouldn't assume logins are remote and should handle a missing PAM_RHOST variable without erroring out. In its current form it isn't possible to use Duo for console logins.
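One way a PAM module could tolerate the missing PAM_RHOST described in this thread, as an added example that is not part of the thread and not Duo's code. The names `resolve_client` and `struct client_info` and the `local:` label are hypothetical; the inputs stand for the values a module reads with `pam_get_item()` for `PAM_RHOST` and `PAM_TTY`.

```c
#include <stdio.h>
#include <string.h>

/* Where the login came from, as far as the PAM items can tell. */
enum login_origin { ORIGIN_REMOTE, ORIGIN_LOCAL };

struct client_info {
    enum login_origin origin;
    char host[64];              /* always a valid string, never NULL */
};

/*
 * rhost / tty: what pam_get_item(pamh, PAM_RHOST, ...) and
 * pam_get_item(pamh, PAM_TTY, ...) handed back. Either may be NULL or
 * empty; a console login spawned by getty leaves PAM_RHOST unset.
 * Returns 0 on success, -1 only when out is NULL.
 */
int resolve_client(const char *rhost, const char *tty, struct client_info *out)
{
    if (out == NULL)
        return -1;

    if (rhost != NULL && rhost[0] != '\0') {
        out->origin = ORIGIN_REMOTE;
        snprintf(out->host, sizeof(out->host), "%s", rhost);
        return 0;
    }

    /* No remote host: classify as local instead of failing the login. */
    out->origin = ORIGIN_LOCAL;
    if (tty != NULL && tty[0] != '\0')
        snprintf(out->host, sizeof(out->host), "local:%s", tty); /* hypothetical label */
    else
        snprintf(out->host, sizeof(out->host), "local");
    return 0;
}

int main(void)
{
    struct client_info ci;

    /* Constructed inputs: console login, then an SSH login. */
    resolve_client(NULL, "/dev/tty1", &ci);
    printf("console: origin=%d host=%s\n", ci.origin, ci.host);
    resolve_client("203.0.113.7", "ssh", &ci);
    printf("ssh:     origin=%d host=%s\n", ci.origin, ci.host);
    return 0;
}
```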