#990617 login-duo: default configuration file in manpage incorrect

Package:
login-duo
Source:
duo-unix
Description:
login wrapper for Duo Security two-factor authentication
Submitter:
Jack Hill
Date:
2021-07-02 17:18:03 UTC
Severity:
minor
#990617#5
Date:
2021-07-02 16:58:26 UTC
From:
To:
Dear Maintainer,

The login_duo man page states that its default configuration file is
/etc/duo/login_duo.conf. However, it appears to by default look in
/etc/security/login_duo.conf. This is confusing to a new user who
installs the configuration file in /etc/duo/login_duo.conf. When
login_duo can't find its configuration file, it "fails open", allowing
users to proceed with their login action without checking the second
factor, so it is important that the configuration file be installed
correctly.

Here is an example terminal session demonstrating the problem:

$ login_duo -f jackhill
Missing host, ikey, or skey in /etc/security/login_duo.conf
$
logout
$ login_duo -f jackhill -c /etc/duo/login_duo.conf
Duo two-factor login for jackhill

Enter a passcode or select one of the following options:

 1. Phone call to XXX-XXX-2576
 2. SMS passcodes to XXX-XXX-2576 (next code starts with: 2)

Passcode or option (1-2): 1

Calling your phone...
Dialing XXX-XXX-2576...
Answered. Press any key on your phone to log in.
Success. Logging you in...
$