Stop "Sending duplicate proxied request"

[Arran Cudbard-Bell]

> On 14 Dec 2015, at 08:36, David Aldwinckle <daldwinckle at uwaterloo.ca> wrote:
> 
> Hi Arran,
> 
> Thanks for the explanation. I configured the NAS retry interval and that fixed my problem.
> 
> Yubikey tokens can be used with Duo. I'm not familiar with the old tokens, so I can't say if they're the same.
> 
> I looked at the yubikey module just now and I'm not confident that it could be configured to work with the Duo API.

No, probably not.

> From the Duo API documentation, for requests that include a passcode, you need to use a POST method like this:
> 
> $ export IKEY= # your Auth API application's "Integration key"
> $ export SKEY= # your Auth API application's "Secret key"
> $ export HOST= # your Auth API application's "API hostname"
> 
> python -m duo_client.client --ikey $IKEY --skey $SKEY --host $HOST --path /auth/v2/auth --method POST username=$username factor=passcode passcode=$passcode
> 
> https://www.duosecurity.com/docs/authapi-guide#passcode
> 
> If the user doesn't have a token, they can use the smartphone app which sends an "Approve?/Deny?" message. In that case there is no passcode, so the process is more complex and involves querying for a users enrollment status and device info first.
> 
> https://www.duosecurity.com/docs/authapi-guide#secondary-(duo)-authentication

Ah, OK, not Yubikey Duo.  OTP vendors always managed to make this more complicated and frustrating than it needs to be *sigh*.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20151214/6f3d33fe/attachment.sig>