Azure Active Directory PAM Module
This PAM module aims to provide Azure Active Directory login to Linux over SSH.
./bootstrap.sh
./configure --with-pam-dir=/lib/x86_64-linux-gnu/security/
make
sudo make install
Edit /etc/pam.d/sshd with your favorite text editor and add the following line at the top:
auth required pam_aad.so
Create the file /etc/pam.conf and fill it with:
{
  "client": {
    "id": "<client_id_here>"
  },
  "domain": "<@mycompany.com>",
  "tenant": "<mycompany.onmicrosoft.com>"
}
The client id is the ID of your application, which you get once you have created an application through https://portal.azure.com. When you create your app through your Azure portal you will receive a code in the form of xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.
The tenant is your organization: [xxxxxx].onmicrosoft.com, where [xxxxxx] is replaced by your O365 organization name.
Checks if the user authenticating to the application is part of the group specified. This allows you to restrict access to certain machines to specific members of your organization.
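A pre-flight check for the two files described above, as an added example that is not part of the pam_aad project: it lints the JSON config against the value formats this page gives and confirms the pam_aad.so rule is the first rule in /etc/pam.d/sshd. The function names, the tenant character set and the group/other-writable test are assumptions of this example.

```python
import json
import re
from pathlib import Path

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
TENANT = re.compile(r"[A-Za-z0-9-]+\.onmicrosoft\.com")  # assumed character set
PAM_LINE = re.compile(r"auth\s+required\s+pam_aad\.so(\s|$)")


def check_config_text(text):
    """Return a list of problems in the JSON config text (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    client = cfg.get("client")
    client_id = client.get("id") if isinstance(client, dict) else None
    if not isinstance(client_id, str) or not GUID.fullmatch(client_id):
        problems.append("client.id is not in xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx form")
    tenant = cfg.get("tenant")
    if not isinstance(tenant, str) or not TENANT.fullmatch(tenant):
        problems.append("tenant is not of the form [xxxxxx].onmicrosoft.com")
    domain = cfg.get("domain")
    if not isinstance(domain, str) or not domain or set("<>") & set(domain):
        problems.append("domain is missing or still a placeholder")
    return problems


def pam_line_is_first(pam_text):
    """True if the pam_aad.so rule is the first non-blank, non-comment line."""
    for line in pam_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            return bool(PAM_LINE.match(line))
    return False


if __name__ == "__main__":
    conf, pam = Path("/etc/pam.conf"), Path("/etc/pam.d/sshd")  # paths from this page
    issues = check_config_text(conf.read_text())
    if conf.stat().st_mode & 0o022:  # added hardening check, not from the page
        issues.append(f"{conf} is writable by group or others")
    if not pam_line_is_first(pam.read_text()):
        issues.append(f"{pam}: 'auth required pam_aad.so' is not the first rule")
    print("\n".join(issues) or "config OK")
    raise SystemExit(1 if issues else 0)
```

Run it as root after editing either file and before closing your existing SSH session, so a broken config is caught while you still have a shell.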
ssh me@host
Enter the following code at https://aka.ms/devicelogin : B8EYXPJQF
Please hit enter to begin polling...
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.