Sunday, March 20, 2016

pam_duo with MacOSX for Duo 2 Factor Auth via SSH


(updated: 20230328 : just verified this still works with the latest 2.0 version of pam_duo UNIX.  Go Duo) 
Today I decided the duo_unix.so was just so so and I needed something more.  Being a fan of DuoSec I decided it was time to determine how to get pam_duo.so to work on my Mac.


  • First, I started by checking out the code and reading their documentation online.
  • Next I made sure that my XCODE was in good order and I had the command line tools and library installed.
  • I then downloaded the latest released package


curl -LO https://dl.duosecurity.com/duo_unix-latest.tar.gz



  • It was time to build, but I needed a few requirements.  Specifically I needed the openssl libraries as Apple has their own SSL (Common Crypto).  I had to install those.  I use brew, so my attempt was simple
brew install openssl

  • Then, it was all about configuration of the make. IYou will see I  used a poor --with-pam prefix as it should have been /usr/local/lib or /usr/local/libexec but this is to your preference.   Remember, /usr is protected by Apple's gatekeeper so you will have to deviate from the defaults.  



./configure --with-pam=/usr/local --prefix=/usr/local --with-openssl=/usr/local/opt/openssl


  • make and make install dropped all the pieces in place (as root/sudo of course)
  • Then, I followed the documentation on Duo's site and referenced my library for the pam_duo.so file explicitly.  My line was
auth       required       /usr/local/pam_duo.so

Enjoy as now I can ssh as any user and get asked for duo.  If the user is not setup with a Duo account, it politely tells me so.   What I didn't verify is if the brew version of duo_unix supported the pam module, as I thought it was just for the login_unix which is not very flexible.  

Sunday, March 13, 2016

US-12 Saline Innovation Proposal

US-12 Proposal for east of Saline, Washtenaw County.  


US12 shield logo mockup

not official shield, personal proposal 
In the early 2000s, the Michigan Department of Transportation performed a study on the historic Sauk Trail that runs through southern Michigan.  Specifically, the study was the route of US-12 (formerly US-112) that stretches from US-23 to the city limits of Saline.

Side note of history (2019)

I discovered that US-112 (now US-12) was planned to be a freeway.   Parts of the freeway actually started construction near the intersection of now M-52 just west of Clinton where an interchange and overpass were constructed.   A map was also drafted that includes the US-12 freeway or limited access
highway through Hillsdale county just north of Hillsdale. So if you think US-12 would never be a freeway, better read-up.   You can see the freeway interchange on aerial photos still like here:  https://goo.gl/maps/9pv2i98dqGiJNdFi7

Back to the Study...

The study looked at various ways to handle growth and traffic, including routing north or south of the current roadways, highway approaches, and five lane urban approaches.   The last was chosen as the most viable and least impacting.

The concern is this roadway approach promotes sprawl and congestion.   Examples of this style of roadway in the region include.

M-153/Ford Road in the Westland and Canton area
M-150/Rochester Road in the Rochester, Michigan area
M-17/Washtenaw Ave in Ann Arbor

Each of these roadways suffers from congestion, usually all day long not just at peak rush times.

I have presented initial draft proposals to the Michigan Department of Transportation and have shared with local leaders a method that may increase traffic flow, promote planned growth in Pittsfield Township, and limit the congestion that a five lane road will cause.

The proposal is a radical idea that leverages bridges, collector lanes, roundabouts, and through lanes.    Given the mix of residential and commercial spaces this throughway bisects, sensitivity was given to all community members, including those using US12 as a trunkline and throughway.   Having US12 become a five lane traffic controlled surface street likely does not serve the residential, commercial, and through traffic audiences well.  Noise, congestion, time, pollution, and impact on commerce would be high.   Turning US12 into a limited access highway with higher speeds would also create noise and impact the residential access to the roadway, not to mention create a distribution problem when reaching the limits of Saline and the US12 interchange.   My proposal looks to hybrid the two ideas and leverage bridges at major intersections with collector lanes, and turn smaller intersections into merge on/merge off intersections.     This will keep speeds at the 60 or less MPH range for Michigan highways (see story), support a through lane for those with origin at or easterly of US23 and a destination westerly of Saline, and support local access.   It would also support higher volume with two lanes in each direction for a good part of the way, support local access to keep or merge to the right and through traffic to remain to the left.  This could reduce truck and travel noise as trucks will no longer have to stop (brake stop) or start at intersections but rather can continue at travel engine noise level.   Additional commercial development can continue support the local township's master plan and not create a large amount of congestion havoc for this state trunkline.  Future expansion for capacity could occur with the addition of a through lane at each intersection with wider bridges and a larger median or median wall.     Future use of the corridor for mass transit (think 2050 high speed rail) could leverage this section to transport people from Saline to Ypsilanti or as a spur from the Ann Arbor Rail Road as a north south transportation line from Ann Arbor to Toledo, Traverse City, Detroit,  and beyond.

If this is something that is of interest to you, or you have other ideas, please voice your thoughts.   As we trek into this next decade our thoughts about travel will be challenged.  If ever a place in Michigan for innovative thinking and approaches to travel, our region is prime for such.   An overview graphic of the proposal is available for download (large file).

Area:  

Bounded on the west by the Intersection of US-12 and Industrial Drive in the City of Saline.  Bounded on the east by the Interchange of US-12 and US-23.  Bounded on the North and South by the roadway and RoW of US-12.

East: 

 The interchange of US-12 and US-23 is in need of modernization.  While congestion does not back-up onto US-23, the US-12 traffic light system is less than ideal, and creates multiple stops and offset intersections that do not support the passenger and transportation traffic well.   There should be space to study turning this into a full modern cloverleaf to support traffic flow.   The intersection with Textile road, currently split up, would remain so due to low volume.  Textile road east of US12 would be accessible only from eastbound US12.  In this case, a Michigan left would be made available near the existing condominium complex to support westbound traffic. Traffic from the apartment and condo complexes on the north of US12 would be accessible from westbound US12, but could leverage the Michigan left for Textile from eastbound US12 and leverage the Platt Road interchange for going eastbound on US12.    The US12 and Platt Road intersection, a current bottleneck, would become a bridge with collector lanes.   US12 being four lanes in each direction with a small median and/or ditch, would become two lanes, one in each direction separated by a divider and bridge over Platt Road.   This would be intended for through traffic.   The collector lanes would exit from US12 and meet Platt road at a traffic signal.  The collector lanes could then re-join US12 to return to 4 lanes, two in each direction.   The intersection with Platt road does not contain a large amount of space for roundabout.

US12/US23 area and neighboring roads


Ann Arbor Rail Road:

  The section of US-12 near the intersection of the Ann Arbor Rail Road is the least congested area right now, mostly due to the rural and residential nature of the stretch.   Several cross roads meet or bisect the roadway, but no stop or traffic control devices impede the US12 flow.  This could change if additional growth occurs in the area or additional traffic leverage north/south road ways.   The proposal here allows for a bi-sected roadway and bridges over all roadways.  Local streets such as those approaching the Sauk Trail subdivision and the mobile home park will be merged with traffic and those looking to make left turns will be directed to the next exit to merge back into the west bound or eastbound lanes of US12.   Roads Campbell and Fosdick will be bridges to allow for changing direction from east to west on US12, while Warner will be able to merge eastbound and gain access via eastbound US12, leveraging Campbell and Fosdick as a method to go west and access from westbound US12.   See graphic.




State/Moon:  

The area of State and Moon roads has recently been developed, and Pittsfield Township has designated this area to be a commercial and retail hub for the township.   This development will surely impact the traffic flow for US12 and feeder roads.   The proposal here suggest to keep Old State Street as a roadway however restrict it to merging with westbound US12 and west bound US12 to merge into it.   This will help the State and Old State intersection as well (if it does or does not become a roundabout) as not being a short-cut.    The State/Moon intersection will become collector lane fed via the right lane in each direction, ending at State and Moon as roundabouts.   The collector lane will continue and merge back with US-12 on the opposite side, returning to a 2 lane throughway in each direction.







West:  

As US-12 approaches the City of Saline, the last intersection is that with Industrial Drive.   While mostly a local road for commercial and industrial traffic, for the past decade it has also served as the main entrance into the Saline High School and athletic campus.   During school hours, significant traffic will leverage this roadway while at other times the traffic is lighter and leveraged by shipping trucks and commercial vehicles.  Similar to State/Moon, this intersection has the space to support collector lanes and a bridge.   US-12 will continue over Industrial with one lane in each direction, and the second lane in each direction will become a collector lane.  These collector lanes will meet Industrial at a roundabout and then continue again and meet up with US12 again.   This should support traffic distribution into Saline as well.