Describe the bug
We log in with vault login -method=ldap and we use Duo MFA. Recently it seems that logging in like this has stopped writing the token to the ~/.vault-token file, so additional vault operations do not complete. If I log into the Vault web interface, copy my token and use that with vault login, the file is written properly.
To Reproduce
Steps to reproduce the behavior:
Run vault login -method=ldap
Enter password and approve MFA push
Try to use any other vault commands and get 403 error, see that ~/.vault-token is missing.
Expected behavior
The file ~/.vault-token should be written with the token received from the LDAP login
Environment:
Vault Server Version (retrieve with vault status): 1.12.1 (installed with Yum)
Vault CLI Version (retrieve with vault version): Vault v1.12.0 (558abfa75702b5dab4c98e86b802fb9aef43b0eb), built 2022-10-10T18:14:33Z
Server Operating System/Architecture: Redhat 7.9
Vault server configuration file(s):
Service started with /usr/bin/vault server -config=/etc/vault/config.json
{
“listener”: [
{
“tcp”: {
“address”: “:8200”,
“tls_cert_file”: “/etc/ssl/vault/vault.example.com.crt”,
“tls_key_file”: “/etc/ssl/vault/vault.example.com.key”
}
}
],
“storage”: {
“mysql”: {
“address”: “mysql.example.com”,
“database”: “vault”,
“table”: “vaultdata”,
“username”: “username”,
“password”: “password”
}
},
“ui”: true
}