EPEL repo has duo_unix but it's missing files

cantlep
Level 1

Hi there, I noticed there was an update of duo_unix package for Linux. I went ahead and installed it not realising that it was pulling from EPEL and not the duosecurity repo I had originally installed from. Once it’s installed, it pretty much ceases to function. There are several issues but one of the most important being that pam_duo.so is missing from it. I reversed the upgrade, but it leaves some questions.

Any idea how/why duo_unix has appeared in EPEL (with a later version than duosecurity has) and why it’s way smaller in size and doesn’t function?

Descriptions of install/available below:

Installed Packages (This works fine)
Name : duo_unix
Version : 1.12.1
Release : 0.el8
Architecture : x86_64
Size : 984 k
Source : duo_unix-1.12.1-0.el8.src.rpm
Repository : @System
From repo : duosecurity
Summary : Duo two-factor authentication for Unix systems
URL : https://www.duosecurity.com
License : GPLv2
Description : Duo two-factor authentication for Unix systems

Available Packages (This doesn’t work)
Name : duo_unix
Version : 1.12.1
Release : 3.el8
Architecture : x86_64
Size : 68 k
Source : duo_unix-1.12.1-3.el8.src.rpm
Repository : epel
Summary : Duo two-factor authentication for UNIX systems
URL : http://www.duosecurity.com/
License : GPLv2
Description : Duo provides simple two-factor authentication as a service via:
:
: 1. Phone callback
: 2. SMS-delivered one-time passcode
: 3. Duo mobile app to generate one-time passcode
: 4. Duo mobile app for smartphone push authentication
: 5. Duo hardware token to generate one-time passcode
:
: This package allows an admin (or ordinary user) to quickly add Duo
: authentication to any UNIX login without setting up secondary user
: accounts, directory synchronization, servers, or hardware.

1 Accepted Solution

sabo1
Level 1

have not tested it myself, but it looks like a fix has been pushed out:
https://bugzilla.redhat.com/show_bug.cgi?id=2134160

The duo_unix package in EPEL now recommends pam_duo

billglick
Level 1

We noticed this today as well.

It appears that the ‘duo_unix’ package from EPEL is missing the ‘pam_duo.so’ library and that is now optionally installed via the ‘pam_duo’ package from EPEL.

It also wasn’t on many of the mirrors, which made a potential supply chain attack a possibility. Fortunately that meant that not many of our hosts pulled it.

ceandreasen
Level 1

Also ran into this. For a workaround, I have added exclude=duo_unix to the epel repo config file.

Looks like it is still broken – at least in Oracle 8 EPEL.

About two days ago, I upgraded my “backup” jump server running Oracle Linux 8.7 and duo stopped working. I finally tracked it down to the duo_unix package in oracle-EPEL repository for OL8.

The duosecurity repo contains:

Name : duo_unix
Version : 1.12.0
Release : 0.el8
Architecture : x86_64
Size : 960 k
Source : duo_unix-1.12.0-0.el8.src.rpm
Repository : @System
From repo : duosecurity
Summary : Duo two-factor authentication for Unix systems
URL : https://www.duosecurity.com
License : GPLv2

The Oracle Linux EPEL repository contains:

Name : duo_unix
Version : 1.12.1
Release : 5.el8
Architecture : x86_64
Size : 70 k
Source : duo_unix-1.12.1-5.el8.src.rpm
Repository : ol8_developer_EPEL
Summary : Duo two-factor authentication for UNIX systems
URL : http://www.duosecurity.com/
License : GPLv2

The package in the Oracle repo is still broken so, if you are running Duo on Oracle 8, you might want to disable ol8_developer_EPEL or exclude the duo_unix package during an upgrade.
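
Added example, not part of the thread and not Duo or EPEL tooling: a shell function that reads `dnf info` output in the layout posted above and reports when the update candidate comes from a different repository than the installed package, which is the condition the posters describe. The function name `repo_drift` is illustrative, and the sample text is constructed from the values in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): report packages whose update candidate
# comes from a different repo than the installed copy. Reads text in the
# layout of `dnf info <pkg>` on stdin; repo_drift is an illustrative name.
repo_drift() {
  awk -F' *: *' '
    /^Installed Packages/ { section = "installed"; next }
    /^Available Packages/ { section = "available"; next }
    $1 == "Name"    { name = $2 }
    $1 == "Version" { ver = $2 }
    $1 == "Release" { rel = $2 }
    # "From repo" only appears for installed packages.
    $1 == "From repo" && section == "installed" { from[name] = $2 }
    # In the available section, "Repository" is where the candidate lives.
    $1 == "Repository" && section == "available" {
      cand_repo[name] = $2
      cand_ver[name] = ver "-" rel
    }
    END {
      for (n in cand_repo)
        if ((n in from) && from[n] != cand_repo[n])
          printf "%s: installed from %s, candidate %s from %s\n", n, from[n], cand_ver[n], cand_repo[n]
    }'
}

# Constructed sample, trimmed from the output quoted in the first post.
SAMPLE_DNF_INFO='Installed Packages
Name         : duo_unix
Version      : 1.12.1
Release      : 0.el8
Repository   : @System
From repo    : duosecurity
Available Packages
Name         : duo_unix
Version      : 1.12.1
Release      : 3.el8
Repository   : epel'

# On a live host the input would be: dnf info duo_unix | repo_drift
printf '%s\n' "$SAMPLE_DNF_INFO" | repo_drift
```

Empty output means the candidate comes from the same repo as the installed package. A reported line is the cue to apply the `exclude=duo_unix` workaround mentioned earlier in the thread before upgrading.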

Please note the EPEL package was not created by and is not maintained by Duo. The only packages we maintain are the ones made available from pkg.duosecurity.com, as noted here.

Duo, not DUO.

Hi @DuoKristina Thanks for your response. I believe this is understood by the end users (us), but it doesn’t negate the fact that a lot of (most?) users of a RHEL derivative utilise EPEL and it caught a lot of us out due to the priority of EPEL and missing the fact it was pulling duo_* related files from a different repo than usual.

@cantlep Totally understood. I was just hoping to help shape expectations for what assistance one could expect from Duo when posting here. Like anyone else on this thread, we can only submit an issue to the maintainers of the EPEL packages.

Duo, not DUO.