sssd

System Security Services Daemon (SSSD) is an open-source system service used on Linux and other Unix-like operating systems to provide centralized identity, authentication, and authorization services. It consolidates access to remote identity providers and offers local caching to support offline authentication. SSSD serves as a replacement or supplement to older components such as nss_ldap and pam_krb5.

SSSD can operate with multiple identity providers, including LDAP servers (OpenLDAP, Microsoft Active Directory), Kerberos realms, and IPA-based deployments like FreeIPA. It supports RFC 2307 ID mapping, as well as id providers for AD and IPA, with an id_mapping feature. It provides id and group information to the Name Service Switch (NSS) and authentication data to PAM, enabling login and sudo.

Configuration and operation: The daemon runs as sssd and is configured via /etc/sssd/sssd.conf. You can define one or more domains, each with an id_provider (e.g., ldap, kerberos, ad), and optionally specify access filters and caching settings. SSSD uses a local cache to provide offline authentication and faster subsequent logins. It communicates with remote servers over TLS and can obtain credentials from Kerberos or LDAP, depending on the domain. The sss_cache utility can be used to manage the local cache.

Usage and administration: SSSD integrates with NSS and PAM; on most distros it can be enabled via libnss_sss and pam_sss modules. Users can be located with getent, and SSH public keys stored in LDAP can be retrieved if supported. SSSD is commonly used in enterprise environments, notably with FreeIPA and Active Directory integrations, to centralize identity and access management on client machines.

History and availability: SSSD was developed to provide a unified framework for identity and authentication services in Linux and is shipped by default in many distributions. It is maintained as part of the open-source security stack and is widely deployed in enterprise Linux deployments as a replacement for older NSS and PAM backends.
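
The configuration settings described above (per-domain access control, TLS to the directory, credential caching) can be audited offline. The following is an added example, not part of the original page or the SSSD project: the sample configuration, its host and domain names, and the `audit_sssd_conf` function are constructed for illustration, while the option names and defaults are those documented in sssd.conf(5) and sssd-ldap(5).

```python
import configparser

# Constructed sample configuration (hypothetical domain and host names).
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = example.test

[domain/example.test]
id_provider = ldap
ldap_uri = ldap://ldap.example.test
ldap_tls_reqcert = allow
cache_credentials = true
"""

def is_true(value):
    return value.strip().lower() == "true"

def audit_sssd_conf(text):
    """Return (domain, finding) tuples for weak settings in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    # [pam] offline_credentials_expiration: days; 0 (the default) means no limit.
    expiry = cp.getint("pam", "offline_credentials_expiration", fallback=0)
    names = cp.get("sssd", "domains", fallback="").split(",")
    findings = []
    for name in (n.strip() for n in names if n.strip()):
        if not cp.has_section(f"domain/{name}"):
            findings.append((name, "enabled in [sssd] but no [domain/...] section"))
            continue
        dom = cp[f"domain/{name}"]
        # access_provider defaults to "permit": every user who can authenticate may log in.
        if dom.get("access_provider", "permit").strip().lower() == "permit":
            findings.append((name, "access_provider=permit: no access filter applied"))
        if dom.get("id_provider", "").strip().lower() == "ldap":
            # Default is "hard"; never/allow/try do not insist on a valid server certificate.
            if dom.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow", "try"):
                findings.append((name, "ldap_tls_reqcert does not enforce certificate validation"))
            # ldap:// without StartTLS sends identity lookups in cleartext.
            uris = [u.strip().lower() for u in dom.get("ldap_uri", "").split(",")]
            start_tls = is_true(dom.get("ldap_id_use_start_tls", "false"))
            if any(u.startswith("ldap://") for u in uris) and not start_tls:
                findings.append((name, "ldap:// without ldap_id_use_start_tls=true"))
        # Cached credentials allow offline login; flag them when they never expire.
        if is_true(dom.get("cache_credentials", "false")) and expiry == 0:
            findings.append((name, "cache_credentials=true with no offline expiration"))
    return findings

if __name__ == "__main__":
    print(*audit_sssd_conf(SAMPLE_CONF), sep="\n")
```

The sample domain produces four findings; switching to `ldaps://`, `ldap_tls_reqcert = demand`, a non-permit `access_provider`, and a non-zero `offline_credentials_expiration` in `[pam]` clears them.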