$OpenBSD: README,v 1.4 2018/09/04 12:46:22 espie Exp $
+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------
First steps
===========
In order to use Duo Unix for two-factor authentication you have to first
sign up for an account if you don't already have one.
https://signup.duosecurity.com/
Then create a new UNIX Integration to get an integration key, secret
key, and API hostname. (See:
https://www.duosecurity.com/docs/getting_started)
Once you have this information, edit ${SYSCONFDIR}/login_duo.conf to
match your keys.
Test login_duo
==============
As a regular user, run ${PREFIX}/sbin/login_duo. You should
be provided with an enrollment link. Enroll your phone then run
${PREFIX}/sbin/login_duo again. Once you provide a valid pass
code you should get a SUCCESS message.
Enable SSH two-factor authentication
====================================
To enable two-factor authentication add
ForceCommand ${PREFIX}/sbin/login_duo
to your ${SYSCONFDIR}/ssh/sshd_config. Duo Security recommends disabling
PermitTunnel and AllowTcpForwarding when using two-factor
authentication.
When finished, restart sshd.
