2FA with Duo #2517
-
|
I've spent days trying to figure this out and am close to throwing in the towel and moving on to other things. I am trying to get xrdp to work with 2FA using Duo. The only thing I have to work from is the instructions that are written for setting up Google Authenticator 2FA with xrdp. After several attempts I have failed thus far adapting those instructions to work with Duo. I am running a RHEL 9 workstation and xrdp version 0.9.21 out of EPEL. It seems that sesman is having a problem dealing with the 2FA piece. Sesman debug log shows the following: |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
|
The Google Authentication instructions should work for any TOTP device. I've set it up OK with Authy. pam_google_authenticator.so has a debug option (see here). Might be worth setting that. Also:-
|
Beta Was this translation helpful? Give feedback.
-
|
SELinux search returned nothing, but the system log found some curious failures. |
Beta Was this translation helpful? Give feedback.
-
|
So I managed to get it to work by forcing Duo to perform a push to the 2FA phone app, I'd really like to be able to enter the OTP code as a secondary password at the xRDP login screen. |
Beta Was this translation helpful? Give feedback.
-
|
It looks like from your description you're using a pam_duo module. I don't know anything about Duo, but if it's using standard TOTP, you should be able to use |
Beta Was this translation helpful? Give feedback.
So I managed to get it to work by forcing Duo to perform a push to the 2FA phone app, I'd really like to be able to enter the OTP code as a secondary password at the xRDP login screen.