773 Views, 0 Helpful, 2 Replies

Duo for Linux/PAM only active for UID >= 1000

wmelnick
Level 1

I have many service accounts, all with UID numbers less than 1000 which use ssh, rsync over ssh and sftp. I do not want them to have to use Duo, since they are all accessed with scripts and have very limited access anyway. Root (UID=0) is turned off in sshd_config anyway so I do not care about it. How would I go about setting up /etc/pam.d/sshd to only use Duo for users whose UID is 1000 or higher?

2 Replies

You could try a Match block for the special accounts:

# List every service account here, comma-separated with no spaces
Match User service1,service2,service3
  AuthenticationMethods publickey gssapi-with-mic password

wmelnick
Level 1

What I ended up doing was creating a group named “duo” into which I added all regular shell-based users, enforced through Puppet. Then I added this to /etc/duo/pam_duo.conf:
groups=duo

That took care of it for me.
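
An added example, not part of the original thread: with `groups=duo`, any login account that is left out of the group skips Duo, so this sketch audits passwd and group data for that drift. It assumes local `/etc/passwd` and `/etc/group` files (not LDAP/SSSD), the thread's group name `duo` and UID threshold 1000, and an assumed list of non-login shells; the sample data is constructed.

```python
#!/usr/bin/env python3
# Added example: audit drift for the groups=duo approach in pam_duo.conf.
# Assumptions: local passwd/group files, group "duo", UID threshold 1000.
import sys

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}  # assumed

def group_info(group_text, group_name):
    """Return (gid, supplementary members) of group_name, or (None, set())."""
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[0] == group_name and f[2].isdigit():
            return int(f[2]), {m for m in f[3].split(",") if m}
    return None, set()

def audit(passwd_text, group_text, group_name="duo", min_uid=1000):
    """Return (missing, unexpected): login users >= min_uid outside the group,
    and accounts < min_uid that are inside it."""
    gid, members = group_info(group_text, group_name)
    missing, unexpected = [], []
    for line in passwd_text.splitlines():
        f = line.strip().split(":")
        if len(f) != 7 or not (f[2].isdigit() and f[3].isdigit()):
            continue  # skip comments, blank and malformed lines
        name, uid, pgid, shell = f[0], int(f[2]), int(f[3]), f[6]
        # Membership counts via the primary GID as well as the member list.
        in_group = name in members or pgid == gid
        if uid >= min_uid and shell not in NOLOGIN_SHELLS and not in_group:
            missing.append(name)      # can log in without a Duo prompt
        elif uid < min_uid and in_group:
            unexpected.append(name)   # service account that would be prompted
    return sorted(missing), sorted(unexpected)

# Constructed sample data, not taken from any real host.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
svc_rsync:x:480:480::/srv/rsync:/bin/sh
svc_sftp:x:481:1500::/srv/sftp:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1500::/home/carol:/bin/bash
nobody:x:65534:65534::/:/usr/sbin/nologin"""
SAMPLE_GROUP = "duo:x:1500:alice\nalice:x:1000:\nbob:x:1001:"

if __name__ == "__main__":
    with open("/etc/passwd") as p, open("/etc/group") as g:
        missing, unexpected = audit(p.read(), g.read())
    print("login users outside the Duo group:", missing)
    print("accounts below the UID threshold inside it:", unexpected)
    sys.exit(1 if missing or unexpected else 0)
```

A non-zero exit makes it usable as a scheduled check alongside the Puppet-enforced membership.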
