6. System Security Services Daemon (SSSD)
The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides Name Service Switch (NSS) and Pluggable Authentication Modules(PAM) interfaces toward the system and a pluggable back end system to connect to multiple different account sources.
SSSD in Red Hat Enterprise Linux 5.7 includes the following notable enhancements:
- The new
ding-libs
package provides utility functions to manipulate file system pathnames (libpath_utils
), a hash table which dynamically resizes to achieve optimal storage and access time properties (libdhash
), a data type to collect data in a hierarchical structure for easy iteration and serialization (libcollection
), a dynamically growing, reference-counted array (libref_array
), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config
). - Added support for
netgroups
. - Group support to the simple access provider is now supported.
- A Kerberos access provider is now included to honor
.k5login
. - Improved support for delayed online Kerberos authentication.
- Significantly reduced time between connecting to a network or Virtual Private Network (VPN) and acquiring a Ticket Granting Ticket (TGT).
- The new automatic Kerberos ticket renewal feature allows long-lived processes or cron jobs to function even when the user logs out.
- Support for
shadow
access control. - Support for
authorizedService
access control. - Ability to mix-and-match LDAP access control features.
- A new option, providing separate password-change LDAP servers for platforms where LDAP referrals are not supported.
- Performance improvements when group processing RFC2307 LDAP servers.
- A new option,
dns_discovery_domain
, for better configuration when using SRV records for failover.