upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-11 09:51:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

mfa: cleanup website documentation

Browse source
This commit is contained in:
Bradley Girardeau 2015-07-28 12:21:43 -07:00
parent c7b806ebf6
commit cf4fa83598
2 changed files with 20 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
website/source/docs/auth/mfa.html.md
View file

@ -16,15 +16,23 @@ Currently, the "ldap" and "userpass" backends support MFA.
## Authentication
When authenticating, users still provide the same information as before, as well as
When authenticating, users still provide the same information as before, in addition to
MFA verification. Usually this is a passcode, but in other cases, like a Duo Push
notification, no additional information is needed.
### Via the CLI
```shell
$ vault auth -method=userpass username=user password=test passcode=111111
$ vault auth -method=userpass username=user password=test method=push # (default)
$ vault auth -method=userpass \
username=user \
password=test \
passcode=111111
```
```shell
$ vault auth -method=userpass \
username=user \
password=test \
method=push
```
### Via the API
@ -53,23 +61,22 @@ This enables the Duo MFA type, which is currently the only MFA type supported.
The Duo MFA type is configured through two paths: `duo/config` and `duo/access`.
`duo/access` contains connection information for the Duo Auth API. For example:
`duo/access` contains connection information for the Duo Auth API. To configure:
```shell
$ vault write auth/userpass/duo/access \
$ vault write auth/[mount]/duo/access \
host=[host] \
ikey=[integration key] \
skey=[secret key]
```
`duo/config` is an optional path that contains general configuration information
for Duo authentication. For example:
for Duo authentication. To configure:
```shell
$ vault write auth/userpass/duo/config \
$ vault write auth/[mount]/duo/config \
user_agent="" \
username_format="%s"
```
`username_format` is a format string that is formatted with the original backend's
username as the first argument to produce the Duo username.
More information can be found through the CLI `path-help` command.

4
website/source/layouts/docs.erb
View file

@ -162,6 +162,10 @@
<li<%= sidebar_current("docs-auth-ldap") %>>
<a href="/docs/auth/ldap.html">LDAP</a>
</li>
<li<%= sidebar_current("docs-auth-mfa") %>>
<a href="/docs/auth/mfa.html">MFA</a>
</li>
</ul>
</li>