| options/nixos/security.duosec.host | Duo API hostname.
|
| options/nixos/security.duosec.motd | Print the contents of /etc/motd to screen
after a successful login.
|
| options/nixos/security.duosec.secretKeyFile | A file containing your secret key
|
| options/nixos/security.duosec.pushinfo | Include information such as the command to be executed in
the Duo Push message.
|
| options/nixos/security.duosec.groups | If specified, Duo authentication is required only for users
whose primary group or supplementary group list matches one
of the space-separated pattern lists
|
| options/nixos/security.duosec.failmode | On service or configuration errors that prevent Duo
authentication, fail "safe" (allow access) or "secure" (deny
access)
|
| options/nixos/security.duosec.integrationKey | Integration key.
|
| options/nixos/security.duosec.autopush | If true, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable
|
| options/nixos/security.duosec.acceptEnvFactor | Look for factor selection or passcode in the
$DUO_PASSCODE environment variable before
prompting the user for input
|
| options/nixos/security.duosec.allowTcpForwarding | By default, when SSH forwarding, enabling Duo Security will
disable TCP forwarding
|
| options/nixos/security.duosec.fallbackLocalIP | Duo Unix reports the IP address of the authorizing user, for
the purposes of authorization and whitelisting
|
| options/nixos/security.duosec.prompts | If a user fails to authenticate with a second factor, Duo
Unix will prompt the user to authenticate again
|
| options/nixos/security.pam.services.<name>.duoSecurity.enable | If set, use the Duo Security pam module
pam_duo for authentication
|
| options/nixos/security.duosec.ssh.enable | If enabled, protect SSH logins with Duo Security.
|
| options/nixos/security.duosec.pam.enable | If enabled, protect logins with Duo Security using PAM support.
|