-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MFA TOTP change Google by another #249
Comments
Hello FlochonR, Sure, I never tried with the Duo's PAM integration, but it should work flawlessly. I'll just make the setup command configurable, so that one can customize it. As you said, in the case of Duo, it seems there is no per-user local setup to do, so /bin/true will be a perfect setup command :) |
Hello speed47 ! Thank you ! :) |
speed47
added a commit
that referenced
this issue
Oct 15, 2021
speed47
added a commit
that referenced
this issue
Oct 20, 2021
speed47
added a commit
that referenced
this issue
Oct 20, 2021
speed47
added a commit
that referenced
this issue
Nov 3, 2021
speed47
added a commit
that referenced
this issue
Nov 3, 2021
Merged #255 |
speed47
pushed a commit
that referenced
this issue
Jan 26, 2022
Merge in SOC/bastion from dev/slesimpl/master_stash to master * commit '3ae716a20a12d02e4592d315650847b1985e9b23': (22 commits) release v3.07.00 chore/fix: move HEXIT() to helper module, use HEXIT only in helpers enh: ensure proper Getopt::Long options are set everywhere chore: factorize helpers header fix: add helpers handling of SIGPIPE/SIGHUP fix: avoid double-close log messages on HUP fix: tests under OpenSUSE (fping raw sockets) doc: allowkeeper: fix typo update of --force-password: code style cleanup update of --force-password: removed guest support update of --force-password: guest support, autocompletion, new tests, code cleanups new access option: --force-password <HASH>, to only try one specific password feat: add support for Duo PAM auth as MFA (#249) fix: --self-password was missing as a -P synonym (#257) release v3.06.00 fix: selfMFASetupTOTP: bad return func new account option: --pubkey-auth-optional, to allow ingress login with or without pubkey when pam is required regenerated doc new account option: mfa-any, to allow ingress login with pubkey alone or pam alone instead of requiring both accountPIV: fix bad autocompletion rule ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I enabled the MFA TOTP to connect to Bastion and Vm's behind.
I changed, in the configuration file /etc/pam.d/sshd, the Google PAM authenticator by Duo PAM but when a user enable the MFA with "selfMFASetupTOTP" I have still the QR code from Google PAM authenticator.
Is it possible to disable that ?
(The authentication with Duo is ok with the modification in /etc/pam.d/sshd)
Thanks in advance for your help,
FlochonR
The text was updated successfully, but these errors were encountered: