이 콘텐츠는 선택한 언어로 제공되지 않습니다.
13.2.27. Seeding Users into the SSSD Cache During Kickstart
Note
Adding user accounts manually requires the sssd-tools package to be installed.
With SSSD, users in a remote domain are not available in a local system until that identity is retrieved from the identity provider. However, some network interfaces are not available until a user has logged in — which is not possible if the user identity is somewhere over the network. In that case, it is possible to seed the SSSD cache with that user identity, associated with the appropriate domain, so that the user can log in locally and active the appropriate interfaces.
This is done using the
sss_seed utility:
sss_seed --domain EXAMPLE.COM --username testuser --password-file /tmp/sssd-pwd.txt
This utility requires options that identify, at a minimum, the user name, domain name, and password.
--domaingives the domain name from the SSSD configuration. This domain must already exist in the SSSD configuration.--usernamefor the short name of the user account.--password-filefor the path and name of a file containing a temporary password for the seed entry. If the user account already exists in the SSSD cache, then the temporary password in this file overwrites the stored password in the SSSD cache.
Additional account configuration options are listed in the
sss_seed(8) man page.
This would almost always be run as part of a kickstart or automated setup, so it would be part of a larger set of scripts, which would also enable SSSD, set up an SSSD domain, and create the password file. For example:
function make_sssd {
cat <<- _EOF_
[sssd]
domains = LOCAL
services = nss,pam
[nss]
[pam]
[domain/LOCAL]
id_provider = local
auth_provider = local
access_provider = permit
_EOF_
}
make_sssd >> /etc/sssd/sssd.conf
authconfig --enablesssd --enablesssdauth --update
function make_pwdfile {
cat <<1 _EOF_
password
_EOF_
}
make_pwdfile >> /tmp/sssd-pwd.txt
sss_seed --domain EXAMPLE.COM --username testuser --password-file /tmp/sssd-pwd.txt