205hlab-mirrors/authentik
2
0
Fork 0
mirror of https://github.com/goauthentik/authentik.git synced 2026-06-17 19:09:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

website/docs: fix linux setup docs (cherry-pick #20508 to version-2025.12) (#20516)

Browse Source 
website/docs: fix linux setup docs (#20508)

* docs: add auth config steps

* tweak



* Changed wording

* Fix broken link

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Connor Peshek <connor@connorpeshek.me>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
This commit is contained in:
authentik-automation[bot]
2026-02-24 13:47:23 +01:00
committed by GitHub
parent 832c84a226
commit 4fc6959965
2 changed files with 22 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
website/docs/endpoint-devices/authentik-agent/agent-deployment/linux.mdx
+21 -9
View File
@@ -57,7 +57,13 @@ sudo apt update
sudo apt install authentik-cli authentik-agent authentik-sysd
```
4. Confirm that the authentik Agent is installed by opening a terminal window and entering the following command: `ak`
4. _(optional)_ If you plan to enable [SSH server authentication and local device login](#enable-device-compliance-ssh-server-authentication-and-local-device-login), you will need to install two additional packages:
```sh
sudo apt install libnss-authentik libpam-authentik
```
5. Confirm that the authentik Agent is installed by opening a terminal window and entering the following command: `ak`
You should see a response that starts with: `authentik CLI v<version_number>`
@@ -93,7 +99,13 @@ EOF
sudo yum install -y authentik-cli authentik-agent authentik-sysd
```
3. Confirm that the authentik Agent is installed by opening a terminal window and entering the following command: `ak`
3. _(optional)_ If you plan to enable [SSH server authentication and local device login](#enable-device-compliance-ssh-server-authentication-and-local-device-login), you will need to install two additional packages:
```sh
sudo yum install -y libnss-authentik libpam-authentik
```
4. Confirm that the authentik Agent is installed by opening a terminal window and entering the following command: `ak`
You should see a response that starts with: `authentik CLI v<version_number>`
@@ -125,13 +137,13 @@ sudo ak-sysd domains join <deployment_name> --authentik-url https://authentik.co
2. You will be prompted to enter your [enrollment token](#create-an-enrollment-token).
3. Once provided, the device will be enrolled with your authentik deployment and should appear on the [Devices page](../../manage-devices.mdx) after a [check-in](../../device-compliance/device-reporting.md) is completed.
### Local device login on non-Debian systems
### Configure device login on non-Debian systems
On non-Debian Linux distributions, you currently need to manually configure NSS and PAM:
1. Edit `etc/nsswitch.conf` to include `authentik` for `passwd`, `group`, and `shadow`:
1. Edit `/etc/nsswitch.conf` to include `authentik` for `passwd`, `group`, and `shadow`:
```bash title="etc/nsswitch.conf"
```bash title="/etc/nsswitch.conf"
...
passwd: files systemd authentik
group: files systemd authentik
@@ -140,15 +152,15 @@ gshadow: files systemd
...
```
2. Edit the following two files in the `etc/pam.d/` directory. The order matters, both of these lines should be located above `pam_unix` in the respective files.
2. Edit the following two files in the `/etc/pam.d/` directory. The order matters, both of these lines should be located above `pam_unix` in the respective files.
```bash title="etc/pam.d/common-auth"
```bash title="/etc/pam.d/common-auth"
...
auth [success=2 default=ignore] pam_authentik.so
...
```
```bash title="etc/pam.d/common-session"
```bash title="/etc/pam.d/common-session"
...
session required pam_authentik.so
...
@@ -176,7 +188,7 @@ ak version
## Logging
authentik Agent logs are available via the system journal (`systemd`) or `syslog`, depending on the distribution.
authentik Agent logs are available via the systemd journal (`journalctl`) or `syslog`, depending on the distribution.
## Reporting issues
website/docs/endpoint-devices/authentik-agent/device-authentication/local-device-login/linux.md
+1 -1
View File
@@ -29,4 +29,4 @@ When configured correctly, when logging in you should see a prompt for **authent
## Known issues
- Only Webauthn MFA is supported.
- On non-Debian Linux distributions, you currently need to [manually configure NSS and PAM](../../agent-deployment/linux.mdx#local-device-login-on-non-debian-systems).
- On non-Debian Linux distributions, you currently need to [manually configure NSS and PAM](../../agent-deployment/linux.mdx#configure-device-login-on-non-debian-systems).