duosecurity/duo_unix

Enhancement: update message for successful PAM auth

danpritts opened this issue · 1 comment

VERSION IN USE: duo_unix-1.11.3-0.el6.x86_64 on RHEL6

ISSUE: Misleading feedback "Success. Logging you in..." when what has really happened is duo success.

NB: Best I can tell, the message I describe below is coming from duo, but I can't find it in the source code, except in the test code. However, I also couldn't find it in the pam_linux source code, and it certainly doesn't occur when I don't configure pam to use Duo. Maybe it's coming from Duo over the network?

I've configured a PAM stack for sudo such that I first must type my password, and then do duo.

Consider the following:

% sudo -i
[sudo] password for foobar:
Duo two-factor login for foobar

Enter a passcode or select one of the following options:

 1. Duo Push to ipad (iOS)
 2. Duo Push to XXX-XXX-YYYY
 [...]

 Passcode or option (1-6): [passcode entered here]

 Success. Logging you in...
 Sorry, try again.
[sudo] password for foobar:

In case it's not obvious, the problem is that I mistyped my password. PAM went ahead with the stack, did duo (which succeeded), and then dumped me out afterward. This is probably preferable to erroring out before Duo - prevents password brute forcing.

Regardless, as you can see, the message "Success. Logging you in..." is misleading.

Can you update it to something like "Duo authentication succeeded." ?
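The stack behaviour described in this issue (password checked first, Duo still run after a wrong password, failure reported only at the end) comes from the PAM control flag on the password module. The following /etc/pam.d/sudo excerpt is an added illustration, not a file from the reporter or from duo_unix; the module order and flags are assumed to mirror the reporter's setup, and a real RHEL6 sudo file normally pulls the password check in via `auth include system-auth`.

```pam
# Illustrative /etc/pam.d/sudo auth stack (constructed example, not the
# reporter's actual file). Password first, then Duo.
#
# "required": a failure is recorded but the stack keeps running, so
# pam_duo.so is still invoked (and prints the Duo-supplied "Success.
# Logging you in...") after a mistyped password. sudo only sees the
# combined failure once the whole stack has finished, which is why the
# "Sorry, try again." prompt appears after the Duo success line.
auth    required    pam_env.so
auth    required    pam_unix.so
auth    required    pam_duo.so

# Alternative with "requisite": pam_unix.so failing returns immediately,
# so Duo is never contacted after a wrong password. Feedback is faster,
# but, as the issue notes, a caller then learns that the password was
# wrong without having to pass the second factor.
#auth   requisite   pam_unix.so
#auth   required    pam_duo.so
```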

Hi, thank you for the issue. You are correct in assuming that duo_unix gets the response from Duo. We get the message from Duo and then set it here. Unfortunately changing "Success. Logging you in..." will result in a change to the overall Duo service.