Pam_duo.conf - permission denied by Gnome ScreenSaver

I’m trying to use DUO in my Redhat 6.8 - Gnome GUI. When I lock Gnome and log in back, it doesn’t use pam_duo.so at all (since there’s no log saying success or failed, neither connection to DUO was made). I found this in log /var/log/message:

gnome-screensaver-dialog: Couldn’t open /etc/duo/pam_duo.conf: Permission denied

Don’t know why this one has permission denied, while SSH/sudo work perfectly. pam_duo.conf has mod 400 since installation.

What can I do ?

Our previous testing KDM and GDM in RHEL 6 showed it appears to just simply not allow interactive prompting on the login and screen lock pages. We did test with LightDM on RHEL 6 and successfully saw the interactive login prompt. It also works with GDM on RHEL 7+.

Simply changing permissions on the pam_duo.conf won’t help, as Duo Unix expects the conf file to be secured (as does SSH), and will report issues if you were to open it up to group read.