Duo can be easily added to any Unix system to protect remote (SSH) or local logins with the addition of a simple
pam_duo PAM module or
login_duo module. It has been tested on Linux (RedHat, Fedora, CentOS, Debian, Ubuntu, Amazon Linux), BSD (FreeBSD, NetBSD, OpenBSD), Solaris, HP-UX, and AIX. The code is open-source and available on GitHub.
duo_unix-1.11.1 - November 2018
- Fixed bug causing console login to fail on certain systems
duo_unix-1.11.0 - October 2018
- Added configuration options for parsing the Duo username out of the GECOS field:
- Support for Debian 9 (Stretch)
duo_unix-1.10.5 - September 2018
- CentOS 5 Support is deprecated and will be removed in the next release
- Fixed a bug that caused a segfault on systems where the hostname wasn't retrievable
duo_unix-1.10.4 - August 2018
- CentOS 5 Support is deprecated and will be removed in a future release
- Support for TLS 1.2
- Support for LibreSSL 2.7.0 and up
- Support for Ubuntu 18.04 (Bionic Beaver)
- Minor memory leak fixes
- Output a message during authentication when a user is locked out
- FIPS-compliant when run on a system with FIPS enabled system-wide
Note that releases between 1.10.1. and 1.10.4 contained no code changes.
duo_unix-1.10.1 - August 2017
- Fixed bug causing automated tests to fail on OSX
- Addressed an issue which kept configuration secrets in memory for longer than necessary
duo_unix-1.10.0 - June 2017
- Added LibreSSL support
- Added additional GECOS parsing support
- Increased OSX group count
duo_unix-1.9.21 - May 2017
- Only allow http_proxy to be defined in configuration file instead of environment (PSA-2017-002)
duo_unix-1.9.20 - May 2017
- Fix installation on AIX systems
- Add support for using OpenSSL 1.1.0
- Link libduo statically to address issues with the ldconfig cache and incompatibilities between versions
- Fixed a bug that produced incorrect SNI when using a proxy
duo_unix-1.9.19 - August 2016
- Restore the
http_proxy environment variable after Duo is done
https_timeout config option to
- Handles missing shell and adds default if not specified in
- Add SNI support and a guard for systems that don't support SNI
- Bug fixes for timeouts and fallback ip addresses
duo_unix-1.9.18 - January 2016
- Added HTTP proxy connection error handling
- Improved compatibility with Solaris and AIX
duo_unix-1.9.17 - October 2015
- Fixed PAM return code issue
duo_unix-1.9.16 - October 2015
- Test fixes
- Compilation fixes
duo_unix-1.9.15 - September 2015
- SELinux policy module package support
- PAM module improvements
- Removed deprecated SHA1 Entrust CA
duo_unix-1.9.14 - January 2015
- Added SELinux policy module
- Improve poll(2) error handling
duo_unix-1.9.13 - October 2014
- Bugfixes for signal handling
duo_unix-1.9.12 - September 2014
- Include https_timeout configuration parameter
- IPv6 support on systems that have getaddrinfo
duo_unix-1.9.11 - April 2014
- Improve compatibility with FreeBSD 10.
duo_unix-1.9.10 - April 2014
- Use the correct timeout when polling.
duo_unix-1.9.9 - April 2014
- Use poll(2) instead of select(2) for timeouts to support busy
systems with many open file descriptors.
- Send User-Agent header with each request.
duo_unix-1.9.8 - April 2014
- Improve support for SHA2 in HTTPS.
duo_unix-1.9.7 - January 2014
- Allow using accept_env_factor with SSH.
- Allow using autopush with PAM on Mac OS X.
See the CHANGES file on GitHub for extended version history.
Ready to Get Started?
Sign Up Free