xmSuadQz

1# Resources
2https://vincentverhagen.nl/2017/11/fedora-cockpit-two-factor-authentication-2fa/
3https://duo.com/docs/duounix
4
5Create DUO Application and Integration Key - Unix App
6
7sudo apt-get install libpam-dev openssl-devel
8wget https://dl.duosecurity.com/duo_unix-latest.tar.gz
9cd duo_unix-1.11.4
10./configure --with-pam --prefix=/usr && make && sudo make install
11sudo nano /etc/duo/duo_pam.conf
12add ikey skey and app url
13
14sudo nano /etc/pam.d/cockpit
15# Add this - DUO 2FA - Cockpit
16auth required /lib64/security/pam_duo.so
17sudo systemctl restart cockpit
18
19# Login to Cockpit Web Console at :9090
20Username and Password - it will fail. Its okay
21 
22cat /var/log/syslog | grep 'duo'
23# Visit enrollment URL in browser and activate duo device.
24
25
26Install pam_duo
27
28Once the required dependencies are built and installed, build and install duo_unix.
29
30    Extract the downloaded tarball for duo_unix and change to the extracted directory (note your actual extracted directory name reflects the actual version downloaded; the example syntax below references version 1.11.4). View checksums for Duo downloads here.
31
32    $ tar zxf duo_unix-latest.tar.gz
33    $ cd duo_unix-1.11.4
34
35    Build and install duo_unix with PAM support ( pam_duo).
36
37    $ ./configure --with-pam --prefix=/usr && make && sudo make install
38
39    For advanced build options, see the README file in the source tarball.
40
41    Once duo_unix is installed, edit /etc/duo/pam_duo.conf (in /etc/duo or /etc/security) to add the integration key, secret key, and API hostname from your Duo Unix application.
42
43    [duo]
44    ; Duo integration key
45    ikey = INTEGRATION_KEY
46    ; Duo secret key
47    skey = SECRET_KEY
48    ; Duo API hostname
49    host = API_HOSTNAME
50
51    You may also add optional Duo configuration options to pam_duo.conf. See the table in Duo Configuration Options for all available settings.
52