[tac_plus] Duo 2fa /w tac plus

Pierre Emeriaud petrus.lt at gmail.com
Tue Oct 8 12:44:36 UTC 2019


Le mar. 8 oct. 2019 à 10:36, Drew Weaver <drew.weaver at thenap.com> a écrit :
>
> Has anyone figured out how you can use Duo (owned by Cisco) as part of pam during the tac+ auth process? We really would like 2fa for all logins that arent used for config backups or route lookup APIs.

I've used google authenticator through pam for this. "auth requisite
pam_google_authenticator.so forward_pass" in /etc/pam.d/tac_plus, and
"login = PAM" in tacplus.conf. Setup google-authenticator as usual.
IIRC it should be enough.

Then use password+totp as password to login.



More information about the tac_plus mailing list