13.2.4. SSSD and System Services
SSSD and its associated services are configured in the sssd.conf file. The [sssd] section also lists the services that are active and should be started when sssd starts within the services directive.
SSSD can provide credentials caches for several system services:
- A Name Service Switch (NSS) provider service that answers name service requests from the sssd_nss module. This is configured in the [nss] section of the SSSD configuration. This is described in Section 13.2.5, “Configuring Services: NSS”.
- A PAM provider service that manages a PAM conversation through the sssd_pam module. This is configured in the [pam] section of the configuration. This is described in Section 13.2.6, “Configuring Services: PAM”.
- An SSH provider service that defines how SSSD manages the known_hosts file and other key-related configuration. Using SSSD with OpenSSH is described in Section 13.2.9, “Configuring Services: OpenSSH and Cached Keys”.
- An autofs provider service that connects to an LDAP server to retrieve configured mount locations. This is configured as part of an LDAP identity provider in a [domain/NAME] section in the configuration file. This is described in Section 13.2.7, “Configuring Services: autofs”.
- A sudo provider service that connects to an LDAP server to retrieve configured sudo policies. This is configured as part of an LDAP identity provider in a [domain/NAME] section in the configuration file. This is described in Section 13.2.8, “Configuring Services: sudo”.
- A PAC responder service that defines how SSSD works with Kerberos to manage Active Directory users and groups. This is specifically part of managing Active Directory identity providers with domains, as described in Section 13.2.13, “Creating Domains: Active Directory”.
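As an added example (not part of the original guide), the following Python script reads an sssd.conf and compares the services directive in [sssd] with the places the list above says each service is configured. The sample configuration, the host name and the audit_services helper are constructed for illustration; autofs_provider and sudo_provider are assumed to be the per-domain options that mark a domain as configured for those services.

```python
import configparser

# Services the list above places in their own section of sssd.conf.
OWN_SECTION = ("nss", "pam")
# Services configured inside a [domain/NAME] section (assumed option names).
DOMAIN_OPTION = {"autofs": "autofs_provider", "sudo": "sudo_provider"}

# Constructed sample configuration, not taken from the page.
SAMPLE_CONF = """
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = EXAMPLE

[nss]
filter_users = root

[pam]
offline_credentials_expiration = 2

[domain/EXAMPLE]
id_provider = ldap
ldap_uri = ldap://ldap.example.com
autofs_provider = ldap
"""

def audit_services(conf_text):
    """Return (active services, findings) for an sssd.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    raw = cp.get("sssd", "services", fallback="")
    active = [s.strip() for s in raw.split(",") if s.strip()]
    domains = [s for s in cp.sections() if s.startswith("domain/")]
    findings = []
    for svc in active:
        if svc in OWN_SECTION and not cp.has_section(svc):
            findings.append(f"{svc}: active but no [{svc}] section, defaults apply")
        opt = DOMAIN_OPTION.get(svc)
        if opt and not any(cp.has_option(d, opt) for d in domains):
            findings.append(f"{svc}: active but {opt} not set explicitly in any domain")
    for svc, opt in DOMAIN_OPTION.items():
        if svc not in active and any(cp.has_option(d, opt) for d in domains):
            findings.append(f"{svc}: {opt} set in a domain but {svc} not in services")
    return active, findings

if __name__ == "__main__":
    active, findings = audit_services(SAMPLE_CONF)
    print("active:", active)
    print("\n".join(findings))
```

On the sample, the script reports that sudo is started without an explicit sudo_provider in any domain, and that autofs is configured in a domain although it is not listed in the services directive.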