we are testing Duo UNIX in a multi-tenanted hosting environment for SSH access. The UNIX users accessing the Linux servers are in two different groups with two different MSP accounts. At a high level the users are grouped into “admins” which comes from one MSP account, and “developers” which comes from another MSP account.
We have setup the Duo UNIX application in each of the MSP accounts. We have the ikey and skey available for each of the MSP accounts however when configuring the /etc/duo/pam_duo.conf file there is only an option to setup one of the ikey and skey values which would make is choose to have Duo on either the “admins” or the “developers”.
Is there an option available to setup /etc/duo/pam_duo.conf to use specific ikey and skey values based on the user group?