CyberNinjas / libnss_aad

Name Service Switch (NSS) Module for performing user lookups against the Azure Active Directory (AAD).
GNU General Public License v3.0

Unified configuration file for pam_aad and libnss_aad #5

Open Jnchi opened 5 years ago

Jnchi commented 5 years ago

Instead of /etc/libnss-aad.conf and /etc/pam_aad.conf, both should use a unified configuration, /etc/aad.conf, or, in the case where the values don't match, /etc/aad/pam.conf and /etc/aad/nss.conf.

# /etc/aad/{{service}}.conf
/etc/aad/libnss.conf
/etc/aad/openssh.conf
/etc/aad/openvpn.conf
Jnchi commented 5 years ago

Also, the openvpn-auth-aad plugin re-uses the pam_aad code, and therefore the config file specified for it: https://github.com/CyberNinjas/openvpn-auth-aad

PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags,
                                   int argc, const char **argv) // <-- we should pass the config file path in here

Then in /etc/pam.d/sshd,

auth required pam_aad.so /etc/pam_aad.conf

Or for OpenVPN, the config could be stored in /etc/openvpn/aad.conf, (could be a symlink if both are present on a single box).

Then in /etc/openvpn/server.conf,

# File path for the config file is relative to the OpenVPN configuration folder
plugin /usr/lib/x86_64-linux-gnu/openvpn/plugins/openvpn_aad_auth.so aad.conf

Source: https://github.com/CyberNinjas/pam_aad/blob/master/pam_aad.c#L373
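Added example, not code from pam_aad or openvpn-auth-aad: one way a module could take the config path from the argv that pam_sm_authenticate (or the OpenVPN plugin entry point) receives, as proposed in the comment above. The helper names (aad_config_path, aad_resolve_path, aad_config_trusted), the "conf=" argument form and the default path are assumptions for illustration. The trust check matters because whatever file the module reads decides how authentication is performed, so a relative path (resolved against the calling process's working directory) or a non-root-owned / group-writable file should be rejected rather than silently used.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Assumed default; pam_aad currently uses /etc/pam_aad.conf. */
#define AAD_DEFAULT_CONF "/etc/pam_aad.conf"

/* Hypothetical helper: choose the config path from the module's argv.
 * Accepts a bare absolute path ("auth required pam_aad.so /etc/pam_aad.conf")
 * or "conf=/absolute/path". Relative arguments are ignored on the PAM side,
 * because a PAM module cannot know the caller's working directory. */
const char *aad_config_path(int argc, const char **argv)
{
    for (int i = 0; i < argc; i++) {
        if (argv[i] == NULL)
            continue;
        if (strncmp(argv[i], "conf=", 5) == 0 && argv[i][5] == '/')
            return argv[i] + 5;
        if (argv[i][0] == '/')
            return argv[i];
    }
    return AAD_DEFAULT_CONF;
}

/* Hypothetical helper for the OpenVPN case, where the comment proposes a
 * path relative to the OpenVPN configuration folder: join "base" and "arg"
 * unless "arg" is already absolute. Returns 0 on success, -1 if the result
 * would not fit in "out". */
int aad_resolve_path(const char *base, const char *arg, char *out, size_t outlen)
{
    int n;
    if (arg[0] == '/')
        n = snprintf(out, outlen, "%s", arg);
    else
        n = snprintf(out, outlen, "%s/%s", base, arg);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Refuse a config file the module should not trust: it must exist, be a
 * regular file, be owned by root and not be writable by group or others.
 * Returns 0 if acceptable, -1 otherwise. */
int aad_config_trusted(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode))
        return -1;
    if (st.st_uid != 0)
        return -1;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return -1;
    return 0;
}

/* Runs the constructed cases from the thread (sshd line, OpenVPN plugin line)
 * and returns the number of mismatches, so the logic can be checked offline. */
int aad_self_check(void)
{
    int failures = 0;
    char buf[256];

    /* Constructed argv as it would arrive from "auth required pam_aad.so /etc/pam_aad.conf". */
    const char *sshd_args[] = { "/etc/pam_aad.conf" };
    if (strcmp(aad_config_path(1, sshd_args), "/etc/pam_aad.conf") != 0)
        failures++;

    /* Constructed key=value form with an unrelated flag in front of it. */
    const char *kv_args[] = { "debug", "conf=/etc/aad/openssh.conf" };
    if (strcmp(aad_config_path(2, kv_args), "/etc/aad/openssh.conf") != 0)
        failures++;

    /* A relative argument must not be used on the PAM side; default wins. */
    const char *rel_args[] = { "aad.conf" };
    if (strcmp(aad_config_path(1, rel_args), AAD_DEFAULT_CONF) != 0)
        failures++;

    /* OpenVPN: "plugin openvpn_aad_auth.so aad.conf" relative to /etc/openvpn. */
    if (aad_resolve_path("/etc/openvpn", "aad.conf", buf, sizeof buf) != 0 ||
        strcmp(buf, "/etc/openvpn/aad.conf") != 0)
        failures++;

    /* A directory is never an acceptable config file. */
    if (aad_config_trusted("/") != -1)
        failures++;

    return failures;
}
```

In a real module the path returned by aad_config_path would be passed to the existing config loader only after aad_config_trusted returns 0; on failure the module should log the reason and return PAM_SERVICE_ERR rather than fall back to an unchecked default.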