Chapter 7. Configuring SSSD
7.1. Introduction to SSSD
7.1.1. How SSSD Works
- Connects the client to an identity store to retrieve authentication information.
- Uses the obtained authentication information to create a local cache of users and credentials on the client.
Figure 7.1. How SSSD works
7.1.2. Benefits of Using SSSD
- Reduced load on identity and authentication servers
- When requesting information, SSSD clients contact SSSD, which checks its cache. SSSD contacts the servers only if the information is not available in the cache.
- Offline authentication
- SSSD optionally keeps a cache of user identities and credentials retrieved from remote services. In this setup, users can successfully authenticate to resources even if the remote server or the SSSD client are offline.
- A single user account: improved consistency of the authentication process
- With SSSD, it is not necessary to maintain both a central account and a local user account for offline authentication.Remote users often have multiple user accounts. For example, to connect to a virtual private network (VPN), remote users have one account for the local system and another account for the VPN system.Thanks to caching and offline authentication, remote users can connect to network resources simply by authenticating to their local machine. SSSD then maintains their network credentials.