Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  DUO (3)


duo - Duo authentication service


Return Values
See Also


.Fd #include <duo.h> duo_t * duo_open const char *ikey const char *skey const char *progname const char *cafile void duo_set_conv_funcs duo_t *d char *(*conv_prompt)(void *conv_arg, const char *, char *, size_t) void (*conv_status)(void *conv_arg, const char *msg) void *conv_arg void duo_set_host duo_t *d const char *hostname void duo_set_ssl_verify duo_t *d int bool duo_code_t duo_login duo_t *d const char *username const char *client_ip int flags const char *command const char * duo_geterr duo_t *d void duo_close duo_t *d


The duo API provides access to the Duo two-factor authentication service.

duo_open is used to obtain a handle to the Duo service. ikey and skey are the required integration and secret keys, respectively, for a Duo customer account. progname identifies the program to the Duo service. cafile should be NULL or the pathname of a PEM-format CA certificate to override the default.

duo_set_conv_funcs may be used to override the internal user conversation functions. conv_prompt is called to present the user a login menu and prompt, and gather their response, returning buf or NULL on error. It may be set to NULL if automatic login is specified with DUO_FLAG_AUTO. conv_status is called to display status messages to the user, and may be NULL if no status display is needed. conv_arg is passed as the first argument to these conversation functions.

duo_set_host may be used to override the default Duo API host.

duo_set_ssl_verify may be used to override SSL certificate verification (enabled by default).

duo_login performs secondary authentication via the Duo service for the specified username. client_ip is the source IP address of the connection to be authenticated, or NULL to specify the local host. The following bitmask values are defined for flags:

DUO_FLAG_AUTO Attempt authentication without prompting the user, using their default out-of-band authentication factor.
DUO_FLAG_SYNC Do not report incremental status during authentication (e.g. voice callback progress) - only issue one status message per authentication attempt.

If not NULL, the command to be authorized will be displayed during push authentication.

duo_geterr returns a description of the last-seen error on the specified Duo API handle. The returned constant string should not be modified or freed by the caller.

duo_close closes and frees the specified Duo API handle.


duo_open returns a pointer to the configured Duo API handle, or NULL on failure.

duo_login returns status codes of type duo_code_t, which may have the following values:

DUO_OK User authenticated
DUO_FAIL User failed to authenticate
DUO_ABORT User denied by policy
DUO_LIB_ERROR Unexpected library error
DUO_CONN_ERROR Duo service unreachable
  Invalid client parameters to API call
  Duo service error

In the event of a DUO_*_ERROR return, duo_geterr may be called to recover a human-readable error message.

duo_geterr returns a constant string which should not be modified or freed by the caller.


pam_duo(8), login_duo(1)


Duo Security <>
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.