authd icon indicating copy to clipboard operation
authd copied to clipboard
verified publisher icon ubuntu

Feature: Ubuntu 22 Support

Open akertis opened this issue 1 year ago • 6 comments

Is there an existing request for this feature?

  • [X] I have searched the existing issues and found none that matched mine

Describe the feature

Ubuntu 22 support. Intune still doesn't support Ubuntu 24 and Ubuntu 22 still needs to be used until Ubuntu 24 support is rolled out for Intune.

Describe the ideal solution

PPA repo has Ubuntu 22 packages that will work similarly to how it configured on Ubuntu 24.

Alternatives and current workarounds

No response

System information and logs

Environment

  • broker version: please run snap info authd-msentraid
  • authd version: please run /usr/libexec/authd version
  • gnome shell version: please run apt policy gnome-shell
  • Distribution: (NAME in /etc/os-release)
  • Distribution version: (VERSION_ID on /etc/os-release):

Log files

Please redact/remove sensitive information:

Authd entries:

journalctl -u authd.service

MS Entra ID broker entries:

journalctl -u snap.authd-msentraid.authd-msentraid.service

Application settings

Please redact/remove sensitive information:

Broker configuration:

cat /var/snap/authd-msentraid/current/broker.conf

Broker authd configuration:

cat /etc/authd/brokers.d/msentraid.conf

Relevant information

No response

Double check your logs

  • [X] I have redacted any sensitive information from the logs

akertis avatar Sep 13 '24 19:09 akertis

While authd per se can easily support Ubuntu 22.04, this implies some non-trivial work in the GDM side of it.

3v1n0 avatar Sep 29 '24 23:09 3v1n0

You can also get intune to work on 24.04. It takes some effort, but it's working well right now for us

namato1 avatar Oct 09 '24 12:10 namato1

While authd per se can easily support Ubuntu 22.04, this implies some non-trivial work in the GDM side of it.

do you think it would be an option to offer authd for 22.04 Ubuntu Server until the gdm side is implemented? it would be great for us as we still have a lot of 22.04 servers

valluwtf avatar Oct 14 '24 09:10 valluwtf

Server version would just work I think, although we may need to backport https://github.com/openssh/openssh-portable/pull/452 to 22.04, but it shouldn't be a big issue since the patch is already part of 24.04.

It looks like compiling the nss module is more problematic in 22.04 right now (as per some rust debian toolchain lacks), so that would also require some dedication. At the same time, authd (the daemon) and the "pure" PAM sides are all working properly in 22.04 right now.

3v1n0 avatar Oct 14 '24 10:10 3v1n0

Problem for 22.04 is the Go compiler version (I opted for the PPA) and that dh-rust does not expect the vendored packages to be in vendor_rust/, but only in debian/cargo_registry/. Also, dh_dwz does not yet have the exception-rule for Go, so override_dh_dwz is needed in debian/rules.

If it is desired, I could clean up my patches and submit as PR. But as was previously mentioned, this won't be sufficient to get Authd to be useful on 22.04 alone due to GDM and SSHD also needing changes.

michaelwildvarian avatar Nov 06 '24 20:11 michaelwildvarian

I would also add that as it stands 24.04 is not FIPS-certified, 22 is. Would be nice if I could use authd on FIPS-certified OS

dsupru avatar Aug 08 '25 00:08 dsupru