Project Lightwave is an open source identity and access management platform from VMware. One of the many capabilities offered is authentication of SSH logins, eliminating the need to manage local user accounts on Photon container runtime instances. This article walks through the basic steps required to enable this feature — please see the quick start guide for instructions on how to set up a Lightwave server and join a client to the domain.
Once configured, it is possible to ssh into Photon using Lightwave directory credentials and even use sudo to run privileged commands:
Photon Configuration
After the Lightwave components and dependencies are installed, run these commands:
/opt/likewise/bin/domainjoin-cli configure --enable pam
/opt/likewise/bin/domainjoin-cli configure --enable nsswitch
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]' \
    LoadOrder "ActiveDirectory" "VmDir" "Local"
/opt/likewise/bin/lwsm restart lsass
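Before attempting a remote login it is worth confirming that the two domainjoin-cli commands actually hooked Lightwave into name resolution and PAM. The POSIX shell script below is an added check written for this article, not code from the original post or from the Lightwave project: it inspects an nsswitch.conf and a PAM service file and reports whether the Likewise module is wired in. It assumes the NSS module is called lsass and the PAM module pam_lsass.so, which is what the Likewise tooling installs; the file paths are parameters, and on a live Photon host you would pass /etc/nsswitch.conf and /etc/pam.d/sshd (or system-auth). The sample files it creates are constructed so it runs offline.

```shell
#!/bin/sh
# Added verification script (not from the original post). Checks that the
# Likewise/Lightwave NSS and PAM hooks are in place after domainjoin-cli.
# Assumptions: the NSS module is named "lsass" and the PAM module is
# "pam_lsass.so"; adjust if your install differs.

# nss_has_lsass FILE
# Returns 0 if both the passwd and group databases in FILE list "lsass"
# on an active (uncommented) line, e.g. "passwd: files lsass".
nss_has_lsass() {
    f=$1
    for db in passwd group; do
        grep -E "^[[:space:]]*${db}:" "$f" | grep -qw lsass || return 1
    done
    return 0
}

# pam_has_lsass FILE
# Returns 0 if FILE has an active "auth" line that loads pam_lsass.so.
pam_has_lsass() {
    grep -E '^[[:space:]]*auth[[:space:]]' "$1" | grep -q 'pam_lsass\.so'
}

# report NSS_FILE PAM_FILE
# Prints one verdict per check; returns non-zero if either check fails.
report() {
    rc=0
    if nss_has_lsass "$1"; then
        echo "nsswitch: lsass present in passwd and group"
    else
        echo "nsswitch: lsass MISSING (rerun: domainjoin-cli configure --enable nsswitch)"; rc=1
    fi
    if pam_has_lsass "$2"; then
        echo "pam: pam_lsass.so present on an auth line"
    else
        echo "pam: pam_lsass.so MISSING (rerun: domainjoin-cli configure --enable pam)"; rc=1
    fi
    return $rc
}

# Constructed sample files so the script runs offline. On a real host pass
# /etc/nsswitch.conf and /etc/pam.d/sshd (or system-auth) to report instead.
SAMPLE_DIR=${TMPDIR:-/tmp}/lightwave-check.$$
mkdir -p "$SAMPLE_DIR"
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
# constructed sample nsswitch.conf
passwd: files lsass
group:  files lsass
hosts:  files dns
EOF
cat > "$SAMPLE_DIR/pam_sshd" <<'EOF'
# constructed sample PAM service file
auth    sufficient pam_lsass.so
auth    required   pam_unix.so
account sufficient pam_lsass.so
EOF

report "$SAMPLE_DIR/nsswitch.conf" "$SAMPLE_DIR/pam_sshd"
```

A commented-out `#passwd: files lsass` line does not count, which is the usual failure mode when a previous join was backed out by hand. A positive result here only proves the plumbing is present; `id administrator@lightwave.local` on the host is the next thing to try, since it exercises lsass itself.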
Enable SUDO for the Lightwave Account
This is an optional step. If you would like the user logging in via Lightwave credentials to be able to run privileged commands, add the account to sudoers by doing the following:
echo 'lightwave.local\\Administrator ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/lightwave-administrator
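The one-line echo above works, but two properties of sudo make a small installer worth having: sudo silently ignores any drop-in whose mode is not 0440 or whose name contains a `.` or ends in `~`, and a syntax error in any drop-in disables sudo for every account on the host. The script below is an added example for this article, not code from the original post or from the Lightwave project. It writes the same NOPASSWD rule (which is full passwordless root for that account, so keep it to the administrator the post names) to a temporary file, validates it with `visudo -c` when running as root with visudo available, and only then moves it into place. Domain, account and target directory are parameters; the post's values are lightwave.local, Administrator and /etc/sudoers.d.

```shell
#!/bin/sh
# Added example (not from the original post): install the Lightwave sudoers
# drop-in safely. Assumes sudo's usual drop-in rules: mode 0440, no "." in
# the file name, and a backslash in sudoers escapes the next character, so
# DOMAIN\account must be written with two backslashes (as the post's line does).

# install_sudoers_dropin DOMAIN ACCOUNT SUDOERS_DIR
# Writes SUDOERS_DIR/lightwave-<account-lowercased> granting passwordless
# sudo. Returns 1 if the resulting name is unsafe or validation fails.
install_sudoers_dropin() {
    domain=$1 account=$2 dir=$3
    name="lightwave-$(printf '%s' "$account" | tr 'A-Z' 'a-z')"
    case "$name" in
        *.*|*~*)
            echo "refusing: sudo ignores drop-ins whose name contains '.' or '~'" >&2
            return 1 ;;
    esac
    mkdir -p "$dir"
    # Leading dot: sudo ignores the file while it is being built.
    tmp="$dir/.$name.tmp"
    printf '%s\\\\%s ALL=(ALL) NOPASSWD: ALL\n' "$domain" "$account" > "$tmp"
    chmod 0440 "$tmp"
    # visudo -c also checks owner and mode, so only run it where those can
    # be satisfied (as root); elsewhere the syntax check is skipped.
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    mv "$tmp" "$dir/$name"
}

# dropin_content SUDOERS_DIR ACCOUNT
# Prints the installed rule so it can be inspected.
dropin_content() {
    cat "$1/lightwave-$(printf '%s' "$2" | tr 'A-Z' 'a-z')"
}

# Demo against a constructed directory; on Photon use /etc/sudoers.d.
DEMO_DIR=${TMPDIR:-/tmp}/sudoers-demo.$$
install_sudoers_dropin lightwave.local Administrator "$DEMO_DIR" && \
    dropin_content "$DEMO_DIR" Administrator
```

The printf format `%s\\\\%s` yields two literal backslashes in the file, which sudoers reads back as the single backslash between domain and account. The rename at the end is atomic on the same filesystem, so sudo never sees a half-written rule.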
Use SSH to log in from another system
In order to log into the Photon instance, the Lightwave account must be specified using one of the following variations:
ssh -l administrator@lightwave.local 192.168.237.202
ssh administrator@lightwave.local@192.168.237.202
ssh -l lightwave.local\\administrator 192.168.237.202
ssh lightwave.local\\administrator@192.168.237.202
Run your containers
After logging in, docker containers can be executed as needed:
Project Lightwave has much more to offer, so please stay tuned for more information on technical capabilities and feature demos. Also be sure to check out the vSphere blog for an overview of Photon and Lightwave.