Description
Is your feature request related to a problem? Please describe.
Recently enabled DUO MFA on our cluster and we have some people in our org who have older phones that don't support the duo app. They would like to authenticate via phone call, but that is not possible with any current release of vault. Solution: change factor from push to auto
Describe the solution you'd like
In login_mfa.go the factor is hardcoded to either "push" or "password", but the duo api /auth endpoint supports additional modes such as "sms" "phone" and "auto", where auto lets duo choose which one to do. Is there any reason that I'm not aware of that auto is not chosen? Seems to be the most flexible to me, but I haven't worked with duo API directly at all. Maybe auto has some downside to it. Looks like the relevant code came from this commit so @raskchanky if you happen to see this and remember why you set it to push, that would probably be the most efficient way to answer my question, don't want to waste y'alls time. If you don't remember, I don't blame you haha I never remember random little intricacies of my old code, that shit is impossible. Anyways, I'd be happy to make a quick PR to change it from "push" to "auto" if no one has any reservations. Thank you for taking the time to read this!
Activity