Protected password DuoAuthProxy in Linux


#1

I have been running DuoAuthProxy successfully in Windows with service_account_password_protected in autproxy.cfg

Now I have migrated DuoAuthProxy to Linux and then service_account_password_protected does not seem to work. If I change it to service_account_password and password in clear text it works.

Is service_account_password_protected not supported in Linux?


#2

Hi Tonny,
service_account_password_protected is indeed not supported when running the Duo Authentication Proxy on Linux as we do not have a Linux version of the authproxy_passwd.exe program. Even if you had copied the configuration to a different Windows machine, it still would not work:

The encrypted password or secret is specific to the server where it was generated, and will not work if copied to a different machine. If you have multiple Authentication Proxy servers, be sure to run authproxy_passwd.exe separately on each one.

You can read more about encrypting passwords in the Authentication Proxy Reference Guide here: https://duo.com/docs/authproxy_reference#encrypting-passwords


#3

@Tonny_Andersson

Here’s an article with some recommendations for protecting the Authentication Proxy config file on Linux (in the absence of a built-in tool for encrypting the secret and password strings):

https://help.duo.com/s/article/3886


#4

Thank you very much for sorting this out for me!