mike-jumper commented on code in PR #261:
URL: https://github.com/apache/guacamole-manual/pull/261#discussion_r2021903780
##########
src/duo-auth.md.j2:
##########
@@ -0,0 +1,112 @@
+{# vim: set filetype=markdown.jinja : #}
+{%- import 'include/ext-macros.md.j2' as ext with context -%}
+
+Using Duo for multi-factor authentication
+=========================================
+
+Guacamole's Duo authentication extension allows the third-party Duo service to
+be used as an additional authentication factor for users of your Guacamole
+installation. If installed, users that attempt to authenticate against
+Guacamole will be sent to Duo's service for further verification.
+
+```{include} include/warn-config-changes.md
+```
+
+(duo-architecture)=
+
+How Duo works with Guacamole
+----------------------------
+
+Duo is strictly a service for verifying the identities of users that have
+already been partially verified through another authentication method. Thus,
+for Guacamole to make use of Duo, at least one other authentication mechanism
+will need be configured, such as [a supported database](jdbc-auth) or
+[LDAP](ldap-auth).
Review Comment:
Hm ... I'll test.
IIRC, this _does_ work and isn't subject to the same (former) limitation
that affected SAML+TOTP where the two anti-replay protections would conflict.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
