cookbook 'duosecurity', '= 1.0.0', :supermarket
duosecurity (11) Versions 1.0.0 Follow0
Installs/Configures duosecurity two-factor system authentication on Ubuntu/Debian
cookbook 'duosecurity', '= 1.0.0'
knife cookbook site install duosecurity
knife cookbook site download duosecurity
Installs and configures login_duo for unix
node["duosecurity"]["integration_key"]- Required. Integration key, recommended to set from an encrypted value.
node["duosecurity"]["secret_key"]- Required. Secret key, recommended to set from an encrypted value.
node["duosecurity"]["api_hostname"]- Required. API hostname for your Duo account.
node["duosecurity"]["groups"]- Optional. If specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists.
node["duosecurity"]["failmode"]- Optional. On service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
node["duosecurity"]["pushinfo"]- Optional. Include information such as the command to be executed in the Duo Push message. Either "yes" or "no". The default is "no".
node["duosecurity"]["http_proxy"]- Optional. Use the specified HTTP proxy, same format as the
HTTP_PROXYenvironment variable. (honored by wget, curl, etc.).
node["duosecurity"]["autopush"]- Optional. Either "yes" or "no". Default is "no". If "yes", Duo Unix will automatically send a push login request to the user's phone, falling back on a phone call if push is unavailable. If "no", the user will be prompted to choose an authentication method. When configured with
autopush = yes, we recommend setting
prompts = 1.
node["duosecurity"]["motd"]- Optional. Print the contents of
/etc/motdto screen after a successful login. Either "yes" or "no". The default is "no". This option is only available for login_duo.
node["duosecurity"]["prompts"]- Optional. If a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3. For example, when prompts = 1, the user will have to successfully authenticate on the first prompt, whereas if prompts = 2, if the user enters incorrect information at the initial prompt, he/she will be prompted to authenticate again. When configured with
autopush = yes, we recommend setting prompts = 1.
node["duosecurity"]["accept_env_factor"]- Optional. Look for factor selection or passcode in the
$DUO_PASSCODEenvironment variable before prompting the user for input. When
$DUO_PASSCODEis non-empty, it will override autopush. The SSH client will need
SendEnv DUO_PASSCODEin its configuration, and the SSH server will similarily need
AcceptEnv DUO_PASSCODE. Default is "no".
node["duosecurity"]["fallback_local_ip"]- Optional. Duo Unix reports the IP address of the authorizing user, for the purposes of authorization and whitelisting. If Duo Unix cannot detect the IP address of the client, setting
fallback_local_ip = yeswill cause Duo Unix to send the IP address of the server it is running on. If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
node["duosecurity"]["https_timeout"]- Optional. Set to the number of seconds to wait for HTTPS responses from Duo Security. If Duo Security takes longer than the configured number of seconds to respond to the preauth API call, the configured failmode is triggered. Other network operations such as DNS resolution, TCP connection establishment, and the SSL handshake have their own independent timeout and retry logic. Default is 0, which disables the HTTPS timeout.
|ark >= 0.0.0|
There are no cookbooks that are contingent upon this one.
This file is used to list changes made in each version of the duosecurity cookbook.
- [your_name] - Initial release of duosecurity
Check the Markdown Syntax Guide for help with Markdown.
The Github Flavored Markdown page describes the differences between markdown on github and standard markdown.