8.3. Displaying user authorization details using sssctl
The sssctl user-checks
command helps debug problems in applications that use the System Security Services Daemon (SSSD) for user lookup, authentication, and authorization.
The sssctl user-checks [USER_NAME]
command displays user data available through Name Service Switch (NSS) and the InfoPipe responder for the D-Bus interface. The displayed data shows whether the user is authorized to log in using the system-auth
Pluggable Authentication Module (PAM) service.
The command has two options:
-
-a
for a PAM action -
-s
for a PAM service
If you do not define -a
and -s
options, the sssctl
tool uses default options: -a acct -s system-auth
.
Conditions préalables
- You must be logged in with administrator privileges
-
The
sssctl
tool is available on RHEL 7, RHEL 8, and RHEL 9 systems.
Procédure
To display user data for a particular user, enter:
[root@client1 ~]# sssctl user-checks -a acct -s sshd example.user user: example.user action: acct service: sshd ....
Ressources supplémentaires
-
sssctl user-checks --help