6. System Security Services Daemon (SSSD)

The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides Name Service Switch (NSS) and Pluggable Authentication Modules (PAM) interfaces toward the system and a pluggable back-end system to connect to multiple different account sources.
SSSD in Red Hat Enterprise Linux 5.7 includes the following notable enhancements:
  • The new ding-libs package provides utility functions to manipulate file system pathnames (libpath_utils), a hash table which dynamically resizes to achieve optimal storage and access time properties (libdhash), a data type to collect data in a hierarchical structure for easy iteration and serialization (libcollection), a dynamically growing, reference-counted array (libref_array), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config).
  • Added support for netgroups.
  • The simple access provider now supports groups.
  • A Kerberos access provider is now included to honor .k5login.
  • Improved support for delayed online Kerberos authentication.
  • Significantly reduced time between connecting to a network or Virtual Private Network (VPN) and acquiring a Ticket Granting Ticket (TGT).
  • The new automatic Kerberos ticket renewal feature allows long-lived processes or cron jobs to function even when the user logs out.
  • Support for shadow access control.
  • Support for authorizedService access control.
  • Ability to mix-and-match LDAP access control features.
  • A new option for specifying separate password-change LDAP servers on platforms where LDAP referrals are not supported.
  • Performance improvements when processing groups on RFC2307 LDAP servers.
  • A new option, dns_discovery_domain, for better configuration when using SRV records for failover.
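
The following sssd.conf fragment is an added example, not taken from the Red Hat documentation, showing how the LDAP access control, password-change server and SRV discovery items above can be combined in one domain. The domain name, host names and paths are constructed; apart from dns_discovery_domain, the option names come from the sssd.conf(5) and sssd-ldap(5) man pages rather than from this page and should be checked against the installed SSSD version.

```ini
# /etc/sssd/sssd.conf (must be owned by root with mode 0600)
[sssd]
config_file_version = 2
services = nss, pam
domains = example

[domain/example]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
access_provider = ldap

# Locate LDAP servers through DNS SRV records instead of a fixed URI.
ldap_uri = _srv_
# Domain part used for the SRV query when it differs from the
# machine's own DNS domain (constructed value).
dns_discovery_domain = corp.example.com

ldap_search_base = dc=example,dc=com
ldap_schema = rfc2307

# Require a validated TLS channel; SSSD refuses LDAP authentication
# over an unencrypted connection.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/example-ca.pem

# Mix-and-match access control: rules are evaluated in the listed
# order and the user must pass every one of them.
ldap_access_order = expire, authorized_service
# "expire" rule: deny accounts whose shadow expiry date has passed.
ldap_account_expire_policy = shadow
# "authorized_service" rule: the PAM service name (for example sshd)
# is checked against the user's authorizedService attribute.

# Send password changes to a writable server directly, for platforms
# where referrals from read-only replicas are not followed
# (constructed host name).
ldap_chpass_uri = ldaps://ldap-master.corp.example.com
```

Because every rule in ldap_access_order must pass, adding a rule can only narrow who is allowed in. Test a login for an expired account and for a service missing from authorizedService before relying on the policy.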