Federated Authentication Service

You can use Federated Authentication Service (FAS) to authenticate users logging on to a Linux VDA. The Linux VDA uses the same Windows environment as the Windows VDA for the FAS logon feature. For information about configuring the Windows environment for FAS, see Federated Authentication Service. This article provides extra information specific to the Linux VDA.

Note:

• The Linux VDA does not support the In-session Behavior policy.

• The Linux VDA uses short connections to transmit data with FAS servers.

• The Linux VDA was hardcoded to communicate with FAS servers over port 80. Starting with the 2206 release, you can customize the FAS port on the Linux VDA side through CTX_XDL_FAS_LIST in the ctxsetup.sh. For more information, see the Linux VDA installation article based on your distribution.

Configure FAS on the Linux VDA

FAS support on RHEL 8 and Rocky Linux 8

FAS depends on the pam_krb5 module, which is deprecated on RHEL 8 and Rocky Linux 8. To use FAS on RHEL 8 and Rocky Linux 8, build the pam_krb5 module as follows:

1. Download the pam_krb5-2.4.8-6 source code from the following website:

   https://centos.pkgs.org/7/centos-x86_64/pam_krb5-2.4.8-6.el7.x86_64.rpm.html.

2. Build and install the pam_krb5 module on RHEL 8 and Rocky Linux 8.

   yum install make gcc krb5-devel pam-devel autoconf libtool
   rpm2cpio pam_krb5-2.4.8-6.el7.src.rpm | cpio -div
   tar xvzf pam_krb5-2.4.8.tar.gz
   cd pam_krb5-2.4.8
   ./configure --prefix=/usr
   make
   make install
   <!--NeedCopy-->