Ubuntu 26.04 LTS: Authd officially available for cloud authentication
With Ubuntu 26.04 LTS, Authd will be officially available via package sources. The daemon allows authentication with cloud providers.
(Image: heise medien)
Canonical has included the authentication daemon Authd in the official package repositories of the upcoming Ubuntu 26.04 LTS. This allows users to access the software directly via the standard package repositories for the first time, with which Ubuntu systems can authenticate with cloud-based providers. Previously, Authd was only available via a PPA (Personal Package Archive) or by manual compilation.
Authd is an authentication daemon that enables the integration of Ubuntu Desktop and Server with cloud-based identity providers. The software uses standardized protocols such as OpenID Connect (OIDC) and the OAuth 2.0 Device Authorization Grant Flow (RFC 8628). The special feature: Authd follows a modular broker architecture, where a separate broker is available as a Snap package for each identity provider.
Currently, Authd directly supports Microsoft Entra ID and Google Cloud IAM. New in Ubuntu 26.04 LTS is a generic OIDC broker that allows connection to any OIDC-compatible provider. This enables administrators to now also integrate services such as Okta, Auth0, Ping Identity, or self-hosted software like Keycloak. Canonical describes this as a response to the demand for flexible identity provider integration: "This new broker snap is our answer to that need, allowing Ubuntu Desktop and Server to integrate with any identity provider that supports a vanilla OIDC flow" it says in the official blog.
Videos by heise
Universe instead of Main: Community focus in packaging
Canonical has placed Authd in the Universe repository, not in the Main repository. The difference: while Main packages are directly supplied by Canonical with guaranteed security updates, Universe packages are considered community-maintained. In the case of Authd, however, this does not mean a lack of support: Canonical itself maintains the package and provides security updates throughout the entire LTS cycle of five years (up to ten years with Ubuntu Pro).
For companies, integration into the official Ubuntu archive offers significant advantages over the previous method via PPA. Installation now takes place via standardized channels, which simplifies compliance requirements. Furthermore, the maintenance effort for manual updates is eliminated; security patches reach the systems automatically via the regular Ubuntu update mechanisms.
Installation
Installing Authd in Ubuntu 26.04 LTS is straightforward: after activating the Universe repository with add-apt-repository universe, the package can be set up via apt install authd. The actual provider brokers are installed as separate Snap packages, for example snap install authd-msentra for Microsoft Entra ID or snap install authd-oidc-generic for the generic OIDC broker.
Canonical sees the development as still in its early stages: "Authd enters the official Ubuntu archive, and this is just the beginning." Planned are extensions of broker support and additional management tools based on practical feedback.
Further details on Authd integration can be found in the Ubuntu Community Hub.
(fo)
