:: Re: [DNG] what is sssd?
Top Page
Delete this message
Reply to this message
Author: Rob Owens
Date:  
To: dng
Subject: Re: [DNG] what is sssd?
One thing it can be used for is offline authentication for LDAP users. I am
currently using sssd on a Funtoo laptop for this purpose. When I have no
network access (no access to the LDAP server), my users can still log in.

Previously I had used pam-ccreds for this. Both pam-ccreds and sssd require
changes to the pam.d files in order to work for offline authentication. I am
not a PAM wizard, so I had a lot of trouble getting this done. I never really
got it working right with pam-ccreds, but I managed to stumble upon a working
configuration with sssd.

That is not an endorsement of sssd, necessarily -- I think if I was more
knowledgeable about PAM I could probably get either one working. I would
prefer to use pam-ccreds only because it has a much more limited scope than
sssd seems to have. If I recall correctly, pam-ccreds needs to be used in
combination with nslcd for offline LDAP authentication.

-Rob

----- Original Message -----
> From: "Dr. Nikolaus Klepp" <dr.klepp@???>
> To: dng@???
> Sent: Friday, January 22, 2016 8:23:46 AM
> Subject: [DNG] what is sssd?


> Does anybody know what sssd is good for? I was a bit surprised to see a whole
> bunch of these sssd-something packages in debian, while I was searching for
> sss. It's homepage says:
>
> "SSSD is a system daemon. Its primary function is to provide access to identity
> and authentication remote resource through a common framework that can provide
> caching and offline support to the system. It provides PAM and NSS modules, and
> in the future will D-BUS based interfaces for extended user information. It
> provides also a better database to store local users as well as extended user
> data.
>
> Documentation on configuring SSSD in Fedora or Red Hat Enterprise Linux is
> available from the RHEL deployment guide. We also have a dedicated
> Documentation section [...]"
>
> Any idea?
>
>
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng