One thing it can be used for is offline authentication for LDAP users.  I am
currently using sssd on a Funtoo laptop for this purpose.  When I have no 
network access (no access to the LDAP server), my users can still log in.

Previously I had used pam-ccreds for this.  Both pam-ccreds and sssd require
changes to the pam.d files in order to work for offline authentication.  I am
not a PAM wizard, so I had a lot of trouble getting this done.  I never really
got it working right with pam-ccreds, but I managed to stumble upon a working
configuration with sssd.  

That is not an endorsement of sssd, necessarily -- I think if I was more 
knowledgeable about PAM I could probably get either one working.  I would 
prefer to use pam-ccreds only because it has a much more limited scope than
sssd seems to have.  If I recall correctly, pam-ccreds needs to be used in
combination with nslcd for offline LDAP authentication.

-Rob

----- Original Message -----
> From: "Dr. Nikolaus Klepp" <dr.kl...@gmx.at>
> To: dng@lists.dyne.org
> Sent: Friday, January 22, 2016 8:23:46 AM
> Subject: [DNG] what is sssd?

> Does anybody know what sssd is good for? I was a bit surprised to see a whole
> bunch of these sssd-something packages in debian, while I was searching for
> sss. Its homepage says:
> 
> "SSSD is a system daemon. Its primary function is to provide access to
> identity and authentication remote resource through a common framework that
> can provide caching and offline support to the system. It provides PAM and
> NSS modules, and in the future will D-BUS based interfaces for extended user
> information. It provides also a better database to store local users as well
> as extended user data.
> 
> Documentation on configuring SSSD in Fedora or Red Hat Enterprise Linux is
> available from the RHEL deployment guide. We also have a dedicated
> Documentation section [...]"
> 
> Any idea?
> 
> 
> --
> Please do not email me anything that you are not comfortable also sharing with
> the NSA.
> _______________________________________________
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
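
The offline login setup described in the reply above, as an added illustration that is not from the original message or the poster's laptop: a minimal sssd.conf that caches credentials for an LDAP domain and limits how long and how often the cache can be used. The domain name, server URI, search base and numeric limits are assumed placeholder values, and the PAM lines in the trailing comments are one common layout, not a tested Funtoo stack.

```ini
# /etc/sssd/sssd.conf -- keep it owned by root and readable by root only (mode 0600).
# Constructed example: EXAMPLE, ldap.example.org and dc=example,dc=org are placeholders.

[sssd]
services = nss, pam
domains = EXAMPLE

[domain/EXAMPLE]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org
# Require a valid server certificate before sending credentials.
ldap_tls_reqcert = demand
# Off by default. When enabled, a salted hash of the password is stored in the
# local cache after a successful online login, so the user can authenticate
# while the LDAP server is unreachable.
cache_credentials = True

[pam]
# Days after the last successful ONLINE login during which a cached login is
# accepted. The default of 0 means no limit, which leaves a lost or stolen
# laptop usable with the cached password indefinitely.
offline_credentials_expiration = 7
# Failed offline attempts allowed before further attempts are refused
# (default 0 = unlimited guesses against the cached hash).
offline_failed_login_attempts = 3
# Minutes to wait after the limit above is hit before trying again.
offline_failed_login_delay = 5

# The pam.d changes mentioned above hook pam_sss.so into each stack, after the
# local pam_unix.so entries. The file name and surrounding lines depend on the
# distribution:
#
#   auth      sufficient  pam_sss.so use_first_pass
#   account   [default=bad success=ok user_unknown=ignore] pam_sss.so
#   password  sufficient  pam_sss.so use_authtok
#   session   optional    pam_sss.so
```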