Created
October 2, 2013 02:41
-
-
Save jonyesno/6788381 to your computer and use it in GitHub Desktop.
login_duo on SmartOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # install a build zone | |
| # 9eac5c0c-a941-11e2-a7dc-57a6b041988f base64 13.1.0 smartos 2013-04-26T15:17:57Z | |
| [root@hxd11 ~]# vmadm create -f smartos.json | |
| [root@hxd11 ~]# I=... | |
| [root@hxd11 ~]# zlogin ${I} | |
| # Prereqs | |
| [root@smartos ~]# pkgin install gcc47 openssl libpam zlib | |
| # Download, verify, unpack | |
| [root@smartos ~]# curl -LO https://dl.duosecurity.com/duo_unix-latest.tar.gz | |
| [root@smartos ~]# sha1sum duo_unix-latest.tar.gz | |
| [root@smartos ~]# tar zxf duo_unix-latest.tar.gz | |
| [root@smartos ~]# cd duo_unix-1.9.4 | |
| # Configure to use /usbkey/duo instead of /etc/duo | |
| [root@smartos ~/duo_unix-1.9.4]# ./configure --sysconfdir=/usbkey/duo --with-openssl=/opt/local | |
| # Statically link libduo and OpenSSL | |
| [root@smartos ~/duo_unix-1.9.4]# cd login_duo && gcc -g -O2 -Wall -D_FORTIFY_SOURCE=2 -o .libs/login_duo login_duo.o ../lib/.libs/libduo.a ../compat/.libs/libcompat.a /opt/local/lib/libssl.a /opt/local/lib/libcrypto.a -lnsl -lsocket | |
| # Create /usbkey/duo/login_duo.conf and test | |
| [root@hxd11 ~]# /zones/${I}/root/root/duo_unix-1.9.4/login_duo/.libs/login_duo -d -f ${DUO_USER} uptime | |
| # Copy from build zone to global zone | |
| [root@hdx11 ~]# cp /zones/${I}/root/root/duo_unix-1.9.4/login_duo/.libs/login_duo /usbkey/duo/ | |
| # Add command="..." to authorized_keys (no ForceCommand on ancient SSH) - both in ~root and /usbkey/config.inc | |
| command="/usbkey/duo/login_duo -f ${DUO_USER}" ssh-dss ... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Missing
makestep after./configure