<h1 id="azure-ad">Azure AD<a aria-hidden="true" class="anchor-heading icon-link" href="#azure-ad"></a></h1>
<p><code>pam_aad.so</code>, part of the <code>aadlogin</code> package installed by the <code>AADForLinux</code> <a href="/notes/ea40b6a0-d233-4aad-877e-878cde867bcb">VM extension</a>, provides the ability to login to a Linux <abbr title="Virtual Machine">VM</abbr> over <abbr title="Secure Shell">SSH</abbr> with your <a href="/notes/bc4492a3-e8b3-44b3-b05a-1ea12d032a18">AAD</a> credentials.</p>
<p>Changes will vary by distribution, but under Ubuntu 18.04 the following changes are necessary to <code>common-account</code>:</p>
<pre class="language-pam-config"><code class="language-pam-config">account [success=2 ignore=ignore default=die] pam_aad.so
</code></pre>
<p>And <code>common-auth</code>:</p>
<pre class="language-pam-config"><code class="language-pam-config">auth [success=2 ignore=ignore default=die] pam_aad.so
</code></pre>
<p>If you're struggling to troubleshoot issues with the module, try appending <code>debug</code> to both its <code>account</code> and <code>auth</code> lines, then monitor the system's security log. Don't forget to remove it again when you're done -- it'll generate a large volume of output.</p>
<p>It also requires the following options to be set in <code>/etc/ssh/sshd_config</code>:</p>
<div class="table-responsive">




























<table><thead><tr><th>Option</th><th>Value</th></tr></thead><tbody><tr><td><code>UsePAM</code></td><td><code>yes</code></td></tr><tr><td><code>ChallengeResponseAuthentication</code></td><td><code>yes</code></td></tr><tr><td><code>KbdInteractiveAuthentication</code></td><td><code>yes</code></td></tr><tr><td><code>PasswordAuthentication</code></td><td><code>no</code></td></tr><tr><td><code>PubkeyAuthentication</code></td><td><code>no</code></td></tr></tbody></table></div>
<p>For further details see <a href="https://docs.microsoft.com/en-us/azure/virtual-machines/linux/login-using-aad">the Azure documentation</a>.</p>

Azure AD


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)


Option	Value
`UsePAM`	`yes`
`ChallengeResponseAuthentication`	`yes`
`KbdInteractiveAuthentication`	`yes`
`PasswordAuthentication`	`no`
`PubkeyAuthentication`	`no`