aad-for-linux/libnss-aad

★ 6 · C · GPL-3.0 · updated Sep 2022

Name Service Switch (NSS) Module for performing user lookups against the Azure Active Directory (AAD).

A glibc NSS module that lets Linux resolve users and shadow entries against Azure Active Directory via OAuth2 client credentials. It lets you run `id someuser@yourdomain` on a Linux box and have the lookup resolved against AAD without SSSD or a domain join. Niche, but if you're running Linux servers in a Microsoft shop, this is the kind of glue that would otherwise take days to write yourself.

Hooks into the standard NSS interface, so it works transparently with any tool that calls getpwnam/getspnam — no app changes needed. Ships a Debian package with proper postinst/postrm scripts, which is more than most small C projects bother with. Has a pre-commit hook enforcing indent style, suggesting the author cared about code consistency in a language where that matters. Avoids the complexity of full domain join — no Kerberos, no winbind, just a simple JSON config and OAuth2.

Dead since September 2022 and only 6 stars, so you're adopting an unmaintained C library that lives in the critical path of user authentication — a CVE here is a root-level problem. Storing a client secret in a plaintext JSON file on disk is a real concern for any multi-tenant or shared system; there's no mention of secret rotation or scoping. The UID/GID assignment strategy isn't explained — the example shows uid=1000, but how UIDs are determined for arbitrary AAD users at scale isn't documented. AAD has since been rebranded to Microsoft Entra ID and the OAuth endpoints have evolved; no guarantee the token flow still works without testing.
