Feature: use a password from AD Azure by default and synchronize it #561
Comments
ma3s7ro
changed the title
|
I would add if at least we can have an option to use the "current" password from Azure/MS entra ID (Not local) for Sudo! I agree that we can log into the system with a local password after configuration and 2FA, but for using sudo? it's better to ask the current password of MS Entra! I got this working in a VM of ubuntu in azure, now i need this on "on-premises". |
|
You can't do that without Running Entra ID Directory Services, only they provide kerberos like in the link you posted |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing request for this feature?
Describe the feature
Adding the ability to use a password from AD Azure by default and synchronize it. If no connection used cached password. It will be useful if used Microsoft infrastructure.
Describe the ideal solution
Like used in SSSD and PAM
https://ubuntu.com/landscape/docs/active-directory-authentication
Alternatives and current workarounds
I have no work around or alternative to offer at this stage.
System information and logs
Environment
Broker configuration:
/var/snap/authd-msentraid/current/broker.conf
[oidc]
issuer = "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0"
client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
[users]
home_base_dir = "/home"
ssh_allowed_suffixes = "@example.com"
Broker authd configuration:
/etc/authd/brokers.d/msentraid.conf
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID
Relevant information
No response
Double check your logs
The text was updated successfully, but these errors were encountered: