13.2.4. SSSD and System Services
SSSD and its associated services are configured in the
sssd.conf file. The [sssd] section also lists the services that are active and should be started when sssd starts within the services directive.
SSSD can provide credentials caches for several system services:
- A Name Service Switch (NSS) provider service that answers name service requests from the
sssd_nssmodule. This is configured in the[nss]section of the SSSD configuration.This is described in Section 13.2.5, “Configuring Services: NSS”. - A PAM provider service that manages a PAM conversation through the
sssd_pammodule. This is configured in the[pam]section of the configuration.This is described in Section 13.2.6, “Configuring Services: PAM”. - An SSH provider service that defines how SSSD manages the
known_hostsfile and other key-related configuration. Using SSSD with OpenSSH is described in Section 13.2.9, “Configuring Services: OpenSSH and Cached Keys”. - An
autofsprovider service that connects to an LDAP server to retrieve configured mount locations. This is configured as part of an LDAP identity provider in a[domain/NAME]section in the configuration file.This is described in Section 13.2.7, “Configuring Services: autofs”. - A
sudoprovider service that connects to an LDAP server to retrieve configuredsudopolicies. This is configured as part of an LDAP identity provider in a[domain/NAME]section in the configuration file.This is described in Section 13.2.8, “Configuring Services: sudo”. - A PAC responder service that defines how SSSD works with Kerberos to manage Active Directory users and groups. This is specifically part of managing Active Directory identity providers with domains, as described in Section 13.2.13, “Creating Domains: Active Directory”.
