Use Lightwave to authenticate SSH logins to Photon

Project Lightwave is an open source identity and access management platform from VMware. One of the many capabilities offered is authentication of SSH logins, eliminating the need to manage local user accounts on Photon container runtime instances.  This article walks through the basic steps required to enable this feature — please see the quick start guide for instructions on how to set up a Lightwave server and join a client to the domain.

Once configured, it is possible to ssh into Photon using Lightwave directory credentials and even use sudo to run privileged commands:

SSH into Photon with your Lightwave directory credentials

Photon Configuration

After the Lightwave components and dependencies are installed, run these commands:

/opt/likewise/bin/domainjoin-cli configure --enable pam
/opt/likewise/bin/domainjoin-cli configure --enable nsswitch
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]' \
   LoadOrder "ActiveDirectory" "VmDir" "Local"
/opt/likewise/bin/lwsm restart lsass

Enable SUDO for the Lightwave Account

This is an optional step.  If you would like the user logging in via Lightwave credentials to be able to run privileged commands, add the account to sudoers by doing the following:

echo 'lightwave.local\\Administrator ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/lightwave-administrator

Use SSH to log in from another system

In order to log into the Photon instance, the Lightwave account must be specified using one of the following variations (the original post's hostname placeholder was lost in extraction; replace photon-host with the address of the Photon instance):

ssh -l administrator@lightwave.local photon-host
ssh administrator@lightwave.local@photon-host
ssh -l lightwave.local\\administrator photon-host
ssh lightwave.local\\administrator@photon-host
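The two account name forms above (user@domain and domain\user) are also what the sudoers entry in the previous section has to encode, with the backslash escaped. The following helper script is an added example and is not part of the original post or of Project Lightwave: it normalizes either name form, generates the sudoers line (optionally limited to a command list instead of ALL), and validates the file with visudo before installing it. The domain lightwave.local, the account names and the file path are placeholders taken from the post.

```shell
#!/bin/sh
# Added example (not VMware's or Project Lightwave's code). Helpers for the
# two Lightwave account name forms accepted at the SSH prompt and for the
# matching sudoers entry. Domain and user names are placeholders.
set -eu

# Normalize either "user@domain" or "domain\user" to "user@domain".
# The domain\user form arrives with a single backslash after shell parsing.
canonical_principal() {
    name="$1"
    case "$name" in
        *\\*)  printf '%s@%s\n' "${name#*\\}" "${name%%\\*}" ;;
        *@*)   printf '%s\n' "$name" ;;
        *)     echo "error: '$name' has no domain part" >&2; return 1 ;;
    esac
}

# Build a sudoers line for a domain account. sudoers requires the backslash
# in domain\user to be escaped, so the output contains "domain\\user".
# Second argument: command list; defaults to ALL as in the post, but a
# restricted list (e.g. /usr/bin/docker) keeps the grant narrower.
sudoers_entry() {
    principal=$(canonical_principal "$1")
    user="${principal%%@*}"
    domain="${principal#*@}"
    cmds="${2:-ALL}"
    # printf turns "\\\\" into two literal backslashes.
    printf '%s\\\\%s ALL=(ALL) NOPASSWD: %s\n' "$domain" "$user" "$cmds"
}

# Write the entry into /etc/sudoers.d and syntax-check it with visudo first:
# a malformed drop-in file can break sudo for every user on the host.
install_sudoers_entry() {
    principal="$1"
    file="${2:-/etc/sudoers.d/lightwave-administrator}"
    cmds="${3:-ALL}"
    tmp=$(mktemp)
    sudoers_entry "$principal" "$cmds" > "$tmp"
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null    # non-zero exit on a syntax error
    fi
    install -m 0440 "$tmp" "$file"
    rm -f "$tmp"
}

# After the lsass/nsswitch configuration, confirm the account resolves
# through NSS before relying on it for SSH (requires the Lightwave client).
check_principal_resolves() {
    principal=$(canonical_principal "$1")
    getent passwd "$principal" >/dev/null && id "$principal"
}

# Demo: print the generated line for the post's placeholder account.
sudoers_entry 'lightwave.local\Administrator'
```

Run the script on the Photon host as root to install the entry (install_sudoers_entry 'administrator@lightwave.local' /etc/sudoers.d/lightwave-administrator '/usr/bin/docker'), and use check_principal_resolves after the lsass restart to verify that NSS returns the directory account before testing SSH.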

Run your containers

After logging in, docker containers can be executed as needed:


Project Lightwave has much more to offer, so please stay tuned for more information on technical capabilities and feature demos.  Also be sure to check out the vSphere blog for an overview of Photon and Lightwave.

