-
Notifications
You must be signed in to change notification settings - Fork 10
04 How‐to log in with GDM
Once the system is configured you can log into your system using your MS Entra ID credentials and the device code flow.
In the login screen (greeter), select not listed
below the user name field.
Type your MS Entra ID user name. The format is user@domain.name
Select the broker Microsoft Entra ID
If MFA is enabled, a QR code and a login code are displayed.
From a second device, flash the QR code or type the URL in a web browser, then follow the authentication process from your provider.
Upon successful authentication, the user is prompted to enter a local password. This password can be used for offline authentication.
In our example the user authd test
is a member of the following Azure groups:
This translates to the following unix groups on the local machine:
~$ groups
aadtest-testauthd@uaadtest.onmicrosoft.com sudo azure_oidc_test
There are three types of groups:
- Primary group: Created automatically based on the user name
-
Local group: Group local to the machine prefixed with
linux-
. For instance if the user is a member of the Azure grouplinux-sudo
, they will be a member of thesudo
group locally. - Remote group: All the other Azure groups the user is a member of.
authd
is socket-activated. It means that the service starts on-demand when it receives a request on a socket.
If you want to restart the service, you can stop it with systemctl stop authd
and it will restart automatically on the next message it receives.
Run /usr/libexec/authd --help
to display the entire help.
The broker is managed through the snap
command.
The main operation is to restart the broker to reload the configuration when it has changed. You can reload the broker with the command:
snap restart authd-msentraid