ubuntu / authd

Authentication daemon for external Brokers
GNU Lesser General Public License v3.0
120 stars 10 forks

Feature: use a password from AD Azure by default and synchronize it #561

Open ma3s7ro opened 2 months ago

ma3s7ro commented 2 months ago

Is there an existing request for this feature?

Describe the feature

Adding the ability to use a password from AD Azure by default and synchronize it. If there is no connection, use the cached password. It would be useful when Microsoft infrastructure is used.

Describe the ideal solution

Like what is used in SSSD and PAM: https://ubuntu.com/landscape/docs/active-directory-authentication

Alternatives and current workarounds

I have no work around or alternative to offer at this stage.

System information and logs

Environment

Broker configuration:

/var/snap/authd-msentraid/current/broker.conf

```toml
[oidc]
issuer = "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0"
client_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

[users]
home_base_dir = "/home"
ssh_allowed_suffixes = "@example.com"
```

Broker authd configuration:

/etc/authd/brokers.d/msentraid.conf

```ini
[authd]
name = Microsoft Entra ID
brand_icon = /snap/authd-msentraid/current/broker_icon.png
dbus_name = com.ubuntu.authd.MSEntraID
dbus_object = /com/ubuntu/authd/MSEntraID
```

Relevant information

No response


FoxmaidenJH commented 1 week ago

I would add: if at least we could have an option to use the "current" password from Azure/MS Entra ID (not the local one) for sudo!

I agree that we can log into the system with a local password after configuration and 2FA, but for using sudo? It's better to ask for the current password of MS Entra!

I got this working in an Ubuntu VM in Azure; now I need this on-premises.

mtb-xt commented 5 days ago

You can't do that without running Entra ID Directory Services; only they provide Kerberos, like in the link you posted.