AuthProxy with LDAP/SSH key-based authentication

heliosophist
Level 1

Hi,

We are trying to set up the AuthProxy in an environment that uses LDAP and SSH with key-based authentication. We got the proxy to work with password authentication; however, it does not work with keys.

In case of password authentication, the usual LDAP communication flow looks like this:

  1. LDAP Bind Request with the service account (read only account)
  2. LDAP Search Request, Search Response etc…
  3. LDAP Bind Request with the user trying to authenticate → this is where Duo steps in and prompts for the second factor - we submit it and login works

With key-based auth however, the following happens:

  1. LDAP Bind Request with service account
  2. LDAP Search Request, Search Response contains public key
  3. Rest of the authentication is handled “normally”, no 2nd bind occurs with the authenticating user → no MFA is triggered

Is there any solution or workaround to this problem? Using password authentication is not an option.
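
The two flows described in the post, as an added example (not part of the original post and not Duo's code): a small audit that classifies LDAP sessions by whether a bind for the authenticating user ever occurred, since that bind is the only point at which the proxy can prompt for a second factor. The trace format, the service account DN and the `sshPublicKey` attribute name are assumptions made for illustration.

```python
import re
from collections import defaultdict

SERVICE_DN = "cn=svc-ro,dc=example,dc=org"  # assumed read-only service account
KEY_ATTRS = {"sshpublickey"}                 # assumed attribute that stores the key

# Constructed sample trace: one LDAP operation per line, grouped by connection.
SAMPLE_TRACE = """\
conn=1 BIND dn="cn=svc-ro,dc=example,dc=org"
conn=1 SEARCH filter="(uid=alice)" attrs="uid"
conn=1 BIND dn="uid=alice,ou=people,dc=example,dc=org"
conn=2 BIND dn="cn=svc-ro,dc=example,dc=org"
conn=2 SEARCH filter="(uid=bob)" attrs="uid,sshPublicKey"
conn=3 BIND dn="cn=svc-ro,dc=example,dc=org"
conn=3 SEARCH filter="(uid=carol)" attrs="uid"
"""

LINE_RE = re.compile(r'^conn=(\d+)\s+(BIND|SEARCH)\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_trace(text):
    """Return {conn_id: [(operation, {field: value}), ...]} in trace order."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not BIND/SEARCH records
        conn, op, rest = m.groups()
        sessions[int(conn)].append((op, dict(FIELD_RE.findall(rest))))
    return dict(sessions)

def classify(ops, service_dn=SERVICE_DN):
    """Label one session by whether the proxy had a chance to trigger MFA."""
    user_bind = any(op == "BIND" and f.get("dn", "").lower() != service_dn.lower()
                    for op, f in ops)
    key_lookup = any(op == "SEARCH" and
                     KEY_ATTRS & {a.strip().lower() for a in f.get("attrs", "").split(",")}
                     for op, f in ops)
    if user_bind:
        return "user-bind"        # password flow: second bind, MFA can be prompted
    if key_lookup:
        return "key-lookup-only"  # key flow: key returned, no user bind, no MFA
    return "service-only"

def audit(text):
    return {conn: classify(ops) for conn, ops in parse_trace(text).items()}

if __name__ == "__main__":
    for conn, label in sorted(audit(SAMPLE_TRACE).items()):
        print(f"conn={conn}: {label}")
```
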
