8.3. SSSD


SSSD (System Security Services Daemon) offers access to remote identity and authentication mechanisms, referred to as providers. SSSD allows these providers to be configured as SSSD back-ends, abstracting the actual (local and network) identity and authentication sources. It also allows any kind of identity data provider to be plugged in. A domain is a database containing user information, which can serve as the source of a provider’s identity information. Multiple identity providers are supported, allowing two or more identity servers to act as separate user namespaces. Collected information is available to applications on the front-end through standard PAM and NSS interfaces.
SSSD runs as a suite of services, independent of the applications that use it. Those applications therefore no longer need to make their own connections to remote domains, or even be aware of which is being used. Robust local caching of identity and group membership information allows operations regardless of where identity comes from (e.g., LDAP, NIS, IPA, DB, Samba, and so on), offers improved performance, and allows authentication to be performed even when operating offline and online authentication is unavailable. SSSD also allows the use of multiple providers of the same type (e.g., multiple LDAP providers) and allows domain-qualified identity requests to be resolved by those different providers. Further details can found in the Red Hat Enterprise Linux 6 Deployment Guide.
Red Hat logoGithubRedditYoutube

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.