13.2.2. Setting up the sssd.conf File
SSSD services and domains are configured in a
.conffile. By default, this is
/etc/sssd/sssd.conf— although that file must be created and configured manually, since SSSD is not configured after installation.
184.108.40.206. Creating the sssd.conf File
There are three parts of the SSSD configuration file:
[sssd], for general SSSD process and operational configuration; this basically lists the configured services, domains, and configuration parameters for each
- [service_name], for configuration options for each supported system service, as described in Section 13.2.4, “SSSD and System Services”
- [domain_type/DOMAIN_NAME], for configuration options for each configured identity provider
ImportantWhile services are optional, at least one identity provider domain must be configured before the SSSD service can be started.
Example 13.1. Simple sssd.conf File
[sssd] domains = LOCAL services = nss config_file_version = 2 [nss] filter_groups = root filter_users = root [domain/LOCAL] id_provider = local auth_provider = local access_provider = permit
[sssd]section has three important parameters:
domainslists all of the domains, configured in the
sssd.conf, which SSSD uses as identity providers. If a domain is not listed in the
domainskey, it is not used by SSSD, even if it has a configuration section.
serviceslists all of the system services, configured in the
sssd.conf, which use SSSD; when SSSD starts, the corresponding SSSD service is started for each configured system service. If a service is not listed in the
serviceskey, it is not used by SSSD, even if it has a configuration section.
config_file_versionsets the version of the configuration file to set file format expectations. This is version 2, for all recent SSSD versions.
Even if a service or domain is configured in the
sssd.conffile, SSSD does not interact with that service or domain unless it is listed in the
domainsparameters, respectively, in the
Other configuration parameters are listed in the
Each service and domain parameter is described in its respective configuration section in this chapter and in their man pages.