Open Jnchi opened 5 years ago
Also, the openvpn-auth-aad plugin re-uses the pam_aad code, and therefore the config file specified for it, https://github.com/CyberNinjas/openvpn-auth-aad
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
int argc, const char **argv) // <-- we should pass the config file path in here
Then in /etc/pam.d/sshd,
auth required pam_aad.so /etc/pam_aad.conf
Or for OpenVPN, the config could be stored in /etc/openvpn/aad.conf, (could be a symlink if both are present on a single box).
Then in /etc/openvpn/server.conf,
# File path for the config file is relative to the OpenVPN configuration folder
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn_aad_auth.so aad.conf
Source: https://github.com/CyberNinjas/pam_aad/blob/master/pam_aad.c#L373
Instead of /etc/libnss-aad.conf, and /etc/pam_aad.conf, both should use a unified configuration, /etc/aad.conf, or in the case where the values don't match, /etc/aad/pam.conf, and /etc/aad/nss.conf.
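
An added sketch of the PAM side of this proposal, not code from the issue or from the pam_aad project: a helper that takes the `argc`/`argv` passed to `pam_sm_authenticate` and returns the config path to load, plus a check that the file is safe to trust before a root-run module reads it. The names `aad_config_path` and `aad_config_trusted` are hypothetical, and treating the first module argument as the path is an assumption; the default path is the one named in the issue.

```c
#include <stddef.h>
#include <string.h>
#include <sys/stat.h>

/* Default named in the issue; used when the PAM line gives no argument. */
#define AAD_DEFAULT_CONF "/etc/pam_aad.conf"

/*
 * Hypothetical helper: choose the config path from the module arguments
 * that PAM hands to pam_sm_authenticate() as argc/argv.
 * Assumption: the first argument is the path. Returns NULL for an
 * unusable argument so the caller can fail closed (e.g. PAM_AUTH_ERR).
 */
const char *aad_config_path(int argc, const char **argv)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return AAD_DEFAULT_CONF;

    const char *p = argv[0];
    size_t n = strlen(p);

    /* The module runs in the calling service's working directory,
     * so a relative path would resolve differently per service. */
    if (p[0] != '/')
        return NULL;
    /* Reject ".." components instead of trying to normalise them. */
    if (strstr(p, "/../") != NULL)
        return NULL;
    if (n >= 3 && strcmp(p + n - 3, "/..") == 0)
        return NULL;
    return p;
}

/*
 * Returns 1 only for a regular file owned by root that is not
 * group- or world-writable. stat() follows symlinks, so a symlinked
 * /etc/openvpn/aad.conf is judged by the file it points to.
 */
int aad_config_trusted(const char *path)
{
    struct stat st;

    if (path == NULL || stat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode) || st.st_uid != 0)
        return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}
```

The OpenVPN plugin line in the issue passes a path relative to the OpenVPN configuration folder, so that caller would need to join the name onto its own directory before applying the same checks.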