Page Index - himmelblau-idm/himmelblau GitHub Wiki

25 page(s) in this GitHub Wiki:

• Home
• Supported Linux Distributions
• Installing Himmelblau
• Fedora and Rocky Linux:
• openSUSE/SUSE Linux Enterprise:
• Debian/Ubuntu:
• Configuring Himmelblau
• Note: Leaving the pam_allow_groups option unset in the /etc/himmelblau/himmelblau.conf file permits all users to authenticate.
• Note: On Ubuntu, you should additionally set use_etc_skel to true and configure home_attr and home_alias to match (I recommend using the CN attribute). These parameters are necessary, otherwise Ubuntu's snaps will fail to execute. These settings are set by default using the Himmelblau project Debian/Ubuntu packages.
• Run the daemon
• Disable nscd
• Setup NSS
• Setup PAM
• Note: If you intend to use Hello or Passwordless authentication, it's recommended that pam_himmelblau.so be placed before pam_unix.so in the pam auth stack (but always after pam_localuser.so), otherwise pam_unix will unnecessarily prompt for a password.
• Enrolling the Device and Hello PIN
• Capturing authentication traffic using cirrus‐scope
• Cloud Kerberos Trust for Linux
• Configuring Unix Attribute Synchronization with Azure Entra ID Using Microsoft Entra Connect Sync
• Creating an Entra ID Application for Himmelblau GroupMember.Read.All Permissions
• Enabling the Himmelblau QR Greeter gnome‐shell Extension
• MS specs which Himmelblau uses
• OpenSSH Bug 2876 ‐ Unable to use MFA over SSH ‐ Workaround
• Syncing Active Directory with Azure Entra ID
• Troubleshooting: The user '...' already exists and fake users listed in NSS
• Write Permissions for the logon_script Parameter in Himmelblau