Brussels / 3 & 4 February 2018


SSSD: From an LDAP client to the System Security Services Daemon

SSSD is known in the OSS world as a client towards different LDAP-like databases. However, recently, we have started taking SSSD beyond its bread and butter LDAP client role to provide services that are usable in a broader context, as an application gateway or to a local machine. As a result, you might soon see SSSD enabled and running in your favourite distribution by default or quietly running on the background of another service.

In the talk I will demonstrate what enhancements we already did in SSSD, such as how to use SSSD as a gateway between an application and a user database or why should you let SSSD manage your Kerberos credential caches .

I'll also illustrate things we are working on for the future such how to add and access extra attributes of your local users or why it makes sense to let SSSD handle smart card logins even for local users.

The talk will be useful to system administrators, mainly those who deal with user account management, but also to developers who work on services that integrate with user databases.

The talk will deal with topics including: - why we enabled SSSD in Fedora and in RHEL on all systems by default, even those that have no connection with a remote user database - why are we moving features like smart card management or even Kerberos cache management to SSSD - what are the interfaces that SSSD exports towards the system, both on the operating system level and the programming level - how can you use SSSD to fetch data from a remote data store to your application


Photo of Jakub Hrozek Jakub Hrozek