8.2. The System Security Services Daemon (SSSD)

This section provides an introduction to the System Security Services Daemon (SSSD), the main features that it provides, and discusses the requirements and any limitations of a typical SSSD deployment.

This section also describes how to configure SSSD, and how to use the features that it provides. It provides information on the types of services that it supports and how to configure them, and introduces and describes the most important configuration options. Sample configuration files are also provided to help you optimize your deployment.

8.2.1. What is SSSD?

The System Security Services Daemon (SSSD) is a service which provides access to different identity and authentication providers. You can configure SSSD to use a native LDAP domain (that is, an LDAP identity provider with LDAP authentication), or an LDAP identity provider with Kerberos authentication. It provides an NSS and PAM interface to the system, and a pluggable back-end system to connect to multiple different account sources.

SSSD is also extensible; you can configure it to use new identity sources and authentication mechanisms should they arise. In addition, SSSD is fully IPv6-compatible, provided that it is built against c-ares 1.7.1 or later and krb5-libs 1.8.1 or later.