aad-for-linux/pam_aad

★ 26 · C · GPL-3.0 · updated Sep 2022

Azure Active Directory PAM Module

A PAM module that lets Linux boxes authenticate against Azure Active Directory using the device code flow. Useful if you're managing Linux servers in an organization that's all-in on Entra ID and don't want to run a separate LDAP bridge.

Single-file C implementation (pam_aad.c) keeps the attack surface small and auditable. Debian packaging is included and looks properly structured with lintian overrides. Device code flow is the right choice here — avoids storing credentials on the machine. Has a SECURITY.md, which is more than most small security-adjacent projects bother with.

Dead since September 2022 — this is a problem for a security module that touches authentication. Azure AD was rebranded to Entra ID and the underlying OAuth endpoints have evolved; without testing, there is no telling whether it still works. It has 26 stars, and the test suite is a dlopen smoke test plus a Postman collection, not actual PAM flow integration tests. No mention of MFA handling — device code flow will trigger MFA prompts, but there's nothing in the README about how that surfaces through PAM in practice.
