Use of pam and duo to authenticate users

We are attempting to use PAM-based authentication in conjunction with DUO 2-factor authentication. Following the documentation for "Add PAM Authentication" gets a basic functioning authentication working with one major problem. Every login or attempt to do something results in multiple DUO pushes in order to complete authentication. Username and passwords are not required to be re-entered but a DUO acknowledgement is and there are multiple pushes per request.

For example, selecting “Active Jobs” from the toolbar results in 11 DUO pushes. ~6 of those pushes come after the Active Jobs page is displayed.

It seems that username and password are being cached but there is a re-authentication happening for many activities that is causing a DUO push event.

I am not afraid to admit I am baffled at the moment. Any advice or suggestions are welcome.

Jack
University of Colorado

Yes, PAM (which is Apache’s basic auth) sends your Authentication Header in every request. This is a shortcoming in basic auth and one of the reasons why we’re trying to discourage its use (along with it being insecure - that header is your password base64 encoded. Not encrypted, just plain text encoded).
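The behaviour described in the reply above, as an added example that is not part of the original thread: a stateless server that authenticates every request from its own Basic auth header, so a page that issues 11 requests runs the authentication stack 11 times. `PamStack`, `serve`, the credentials and the always-approved push are hypothetical stand-ins constructed for the demo, not the product's code.

```python
import base64
import binascii

# Constructed credentials for the demo; not taken from the thread.
USERS = {"jack": "s3cret:with:colons"}

def basic_header(user, password):
    """Build the header a browser resends once credentials have been entered."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"

def parse_basic(header):
    """Return (user, password) from a Basic auth header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None

class PamStack:
    """Stand-in for a PAM stack: password module, then a second-factor module."""

    def __init__(self):
        self.pushes = 0

    def authenticate(self, user, password):
        if USERS.get(user) != password:
            return False
        self.pushes += 1  # simulated second-factor push, always approved here
        return True

def serve(stack, headers):
    """Stateless server: each request is authenticated from its own header."""
    statuses = []
    for h in headers:
        creds = parse_basic(h)
        statuses.append(200 if creds and stack.authenticate(*creds) else 401)
    return statuses

def pushes_for_page(n_requests):
    """Count pushes when one page load issues n_requests authenticated requests."""
    stack = PamStack()
    hdr = basic_header("jack", USERS["jack"])
    serve(stack, [hdr] * n_requests)
    return stack.pushes
```

`parse_basic` needs no key to recover the password from the header, which is why the header is only as confidential as the transport carrying it.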

Thanks. That lets me know that this is a dead-end.