30.3. Configuring SSSD to Work with System Services
sssd.conffile. on sections. The
[sssd]section also lists the services that are active and should be started when
sssdstarts within the
- A Name Service Switch (NSS) provider service that answers name service requests from the
sssd_nssmodule. This is configured in the
[nss]section of the SSSD configuration.
- A PAM provider service that manages a PAM conversation through the
sssd_pammodule. This is configured in the
[pam]section of the configuration.
monitor, a special service that monitors and starts or restarts all other SSSD services. Its options are specified in the
[sssd]section of the
lookup family orderoption in the
30.3.1. Configuring NSS Services
sssd_nss, which instructs the system to use SSSD to retrieve user information. The NSS configuration must include a reference to the SSSD module, and then the SSSD configuration sets how SSSD interacts with NSS.
18.104.22.168. About NSS Service Maps and SSSD
- Passwords (
- User groups (
- Groups (
- Netgroups (
22.214.171.124. Configuring NSS Services to Use SSSD
nss_sssmodule has to be included for the desired service type.
nsswitch.conffile to use SSSD as a provider.
[root@server ~]# authconfig --enablesssd --update
passwd: files sss shadow: files sss group: files sss netgroup: files sss
126.96.36.199. Configuring SSSD to Work with NSS
- Open the
[root@server ~]# vim /etc/sssd/sssd.conf
- Make sure that NSS is listed as one of the services that works with SSSD.
[sssd] config_file_version = 2 reconnection_retries = 3 sbus_timeout = 30 services =
- In the
[nss]section, change any of the NSS parameters. These are listed in Table 30.1, “SSSD [nss] Configuration Parameters”.
[nss] filter_groups = root filter_users = root reconnection_retries = 3 entry_cache_timeout = 300 entry_cache_nowait_percentage = 75
- Restart SSSD.
[root@server ~]# service sssd restart
Table 30.1. SSSD [nss] Configuration Parameters
|Parameter||Value Format||[root@server ~] Description|
|enum_cache_timeout||integer|| Specifies how long, in seconds, |
|entry_cache_nowait_percentage||integer|| Specifies how long |
This configures the entry cache to update entries in the background automatically if they are requested if the time before the next update is a certain percentage of the next interval. For example, if the interval is 300 seconds and the cache percentage is 75, then the entry cache will begin refreshing when a request comes in at 225 seconds — 75% of the interval.
The allowed values for this option are 0 to 99, which sets the percentage based on the
|entry_negative_timeout||integer|| Specifies how long, in seconds, |
|filter_users, filter_groups||string|| Tells SSSD to exclude certain users from being fetched from the NSS database. This is particularly useful for system accounts such as |
|filter_users_in_groups||Boolean|| Sets whether users listed in the |