README
¶
authd: an authentication daemon for cloud identity providers
authd is an authentication daemon for cloud-based identity providers. It helps
ensure the secure management of identity and access for Ubuntu machines anywhere
in the world, on desktop and the server. authd's modular design makes it a
versatile authentication service that can integrate with multiple identity
providers. MS Entra ID and Google Cloud's Identity and Access Management are currently
supported and several other identity providers are under active development.
Documentation
To find out more about using authd, refer to the official authd documentation. If you are on an edge release then you can also read the latest development version of the documentation, which may include features not yet available in the stable release.
The documentation includes how-to guides on installing and configuring authd, in addition to information about authd architecture and troubleshooting.
Brokers
authd uses brokers to interface with cloud identity providers through a DBus API.
Currently MS Entra ID and Google IAM are supported as identity providers. They allow you to authenticate using MFA and the device authentication flow.
For development purposes, authd also provides an example broker to help you develop your own.
Get involved
This is an open source project and we warmly welcome community contributions, suggestions, and constructive feedback. If you're interested in contributing, please take a look at our contribution guidelines first.
When reporting an issue you can choose from several templates:
- To report an issue, please file a bug report against our repository, using the report an issue template.
- For suggestions and constructive feedback, report a feature request bug report, using the request a feature template.
Get in touch
We're friendly! You can find our community forum at https://discourse.ubuntu.com where we discuss feature plans, development news, issues, updates and troubleshooting.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
authd
Package main is the entry point.
|
Package main is the entry point. |
|
authd/daemon
Package daemon represents the connection between the broker and pam/nss.
|
Package daemon represents the connection between the broker and pam/nss. |
|
Package examplebroker implements an example broker that will be used by the authentication daemon.
|
Package examplebroker implements an example broker that will be used by the authentication daemon. |
|
internal
|
|
|
brokers
Package brokers contains the broker object definitions, implementations and manager that will be used by the daemon for authentication.
|
Package brokers contains the broker object definitions, implementations and manager that will be used by the daemon for authentication. |
|
brokers/auth
Package auth contains the authentication related code.
|
Package auth contains the authentication related code. |
|
brokers/layouts
Package layouts lists all the broker UI layouts we support.
|
Package layouts lists all the broker UI layouts we support. |
|
brokers/layouts/entries
Package entries lists all the broker entries we support.
|
Package entries lists all the broker entries we support. |
|
consts
Package consts defines the constants used by the project
|
Package consts defines the constants used by the project |
|
daemon
Package daemon handles the GRPC daemon with systemd support.
|
Package daemon handles the GRPC daemon with systemd support. |
|
errno
Package errno provide utilities to use C errno from the Go side.
|
Package errno provide utilities to use C errno from the Go side. |
|
fileutils
Package fileutils provides utility functions for file operations.
|
Package fileutils provides utility functions for file operations. |
|
grpcutils
Package grpcutils provides utility functions for GRPC operations.
|
Package grpcutils provides utility functions for GRPC operations. |
|
proto/authd
Package authd holds the authd protocol implementation.
|
Package authd holds the authd protocol implementation. |
|
services
Package services mediates all the business logic of the application via a manager.
|
Package services mediates all the business logic of the application via a manager. |
|
services/errmessages
Package errmessages formats the error messages that are sent to the client.
|
Package errmessages formats the error messages that are sent to the client. |
|
services/nss
Package nss implements the nss grpc service protocol to the daemon.
|
Package nss implements the nss grpc service protocol to the daemon. |
|
services/pam
Package pam implements the pam grpc service protocol to the daemon.
|
Package pam implements the pam grpc service protocol to the daemon. |
|
services/permissions
Package permissions handles peer user detection and permissions.
|
Package permissions handles peer user detection and permissions. |
|
sliceutils
Package sliceutils provides utility functions for slices.
|
Package sliceutils provides utility functions for slices. |
|
testsdetection
Package testsdetection helps in deciding if we are currently running under integration or tests.
|
Package testsdetection helps in deciding if we are currently running under integration or tests. |
|
testutils
Package testutils provides utility functions and behaviors for testing.
|
Package testutils provides utility functions and behaviors for testing. |
|
testutils/golden
Package golden provides utilities to compare and update golden files in tests.
|
Package golden provides utilities to compare and update golden files in tests. |
|
users
Package users support all common action on the system for user handling.
|
Package users support all common action on the system for user handling. |
|
users/cache
Package cache handles transaction with an underlying database to cache user and group information.
|
Package cache handles transaction with an underlying database to cache user and group information. |
|
users/idgenerator
Package idgenerator provides an ID generator that generates UIDs and GIDs in a specific range.
|
Package idgenerator provides an ID generator that generates UIDs and GIDs in a specific range. |
|
users/localentries
Package localentries provides functions to access the local user and group database.
|
Package localentries provides functions to access the local user and group database. |
|
users/localentries/testutils
Package localgrouptestutils export users test functionalities used by other packages to change cmdline and group file.
|
Package localgrouptestutils export users test functionalities used by other packages to change cmdline and group file. |
|
users/tempentries
Package tempentries provides a temporary user and group records.
|
Package tempentries provides a temporary user and group records. |
|
users/testutils
Package userstestutils export cache test functionalities used by other packages.
|
Package userstestutils export cache test functionalities used by other packages. |
|
users/types
Package types provides types for the users package.
|
Package types provides types for the users package. |
|
Package log is a temporary package until we forge our log structure.
|
Package log is a temporary package until we forge our log structure. |
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src/client
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src/group
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src/logs
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src/passwd
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
src/shadow
Package coverage file is only here so that it’s recognized as a go package when computing coverage
|
Package coverage file is only here so that it’s recognized as a go package when computing coverage |
|
Package main is the package for the PAM library.
|
Package main is the package for the PAM library. |
|
internal/adapter
Package adapter is the package for the PAM library
|
Package adapter is the package for the PAM library |
|
internal/dbusmodule
Package dbusmodule includes the tool for DBus PAM module interactions.
|
Package dbusmodule includes the tool for DBus PAM module interactions. |
|
internal/gdm
Package gdm is the package for the GDM pam module handing.
|
Package gdm is the package for the GDM pam module handing. |
|
internal/pam_test
Package pam_test includes test tools for the PAM module
|
Package pam_test includes test tools for the PAM module |
Click to show internal directories.
Click to hide internal directories.