EDR: How to manage DUO authentication lifetime
Article ID: 290710
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How to manage DUO authentication lifetime?
Environment
- EDR server: All versions
Resolution
In /usr/share/cb/plugins/duo/secrets.ini, set session_lifetime decides the number of seconds a "session" should last until 2fa is required again.
DUO authentification has a session. If activities on the console staying active, the DUO session stays alive. If the session stays idle, we use "session_lifetime" to control after how many idle seconds the 2fa prompt again. For example, if session_lifetime=60, which means, after 60 seconds idle time, the 2fa prompt again.
DUO authentification has a session. If activities on the console staying active, the DUO session stays alive. If the session stays idle, we use "session_lifetime" to control after how many idle seconds the 2fa prompt again. For example, if session_lifetime=60, which means, after 60 seconds idle time, the 2fa prompt again.
Additional Information
To change the session_lifetime value, please follow the steps below:
Steps:
1. Change "session_lifetime" setting in /usr/share/cb/plugins/duo/secrets.ini and save.
2. Restart coreservices on the server or on the master
/usr/share/cb/cbservices cb-coreservices restart
Feedback
Yes
No
Powered by
