Chapter 7. Reporting on user access on hosts using SSSD
The System Security Services Daemon (SSSD) tracks which users can or cannot access clients. This chapter describes creating access control reports and displaying user data using the
- SSSD packages are installed in your network environment.
7.1. The sssctl command
sssctl is a command-line tool that uses the System Security Services Daemon (SSSD) to gather information about:
- domain state
- client user authentication
- user access on clients of a particular domain
- information about cached content
With the sssctl tool, you can:
- manage the SSSD cache
- manage logs
- check configuration files
sssctl tool replaces
For details about
# sssctl --help
7.2. Generating access control reports using sssctl
You can list the access control rules applied to the machine on which you are running the report because SSSD controls which users can log in to the client.
The access report is not accurate because the tool does not track users locked out by the Key Distribution Center (KDC).
- You must be logged in with administrator privileges.
- sssctl is available on RHEL 7 and RHEL 8 systems.
To generate a report for the
[root@client1 ~]# sssctl access-report idm.example.com
1 rule cached

Rule name: example.user
    Member users: example.user
    Member services: sshd
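The following is an added example, not part of the original documentation or of SSSD itself: it parses text in the access-report layout shown above and flags user/service grants that are missing from an approved baseline. The second rule in the sample, the comma-separated value lists, and the baseline are assumptions made for illustration.

```python
# Constructed sample in the layout shown above; the second rule and the
# comma-separated value lists are assumptions made for illustration.
SAMPLE_REPORT = """\
2 rules cached

Rule name: example.user
    Member users: example.user
    Member services: sshd

Rule name: ops.sudo
    Member users: alice, bob
    Member services: sshd, sudo
"""

def parse_access_report(text):
    """Return a list of dicts, one per 'Rule name:' block in the report."""
    rules, current = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # blank lines and the 'N rule(s) cached' header
        key, value = key.strip().lower(), value.strip()
        if key == "rule name":
            current = {"name": value, "attrs": {}}
            rules.append(current)
        elif current is not None:
            # Any other 'Key: value' line is stored as an attribute of the rule.
            items = [v.strip() for v in value.split(",") if v.strip()]
            current["attrs"][key] = items
    return rules

def unexpected_grants(rules, approved):
    """List (rule, user, service) triples absent from the approved baseline."""
    findings = []
    for rule in rules:
        users = rule["attrs"].get("member users", [])
        services = rule["attrs"].get("member services", [])
        for user in users:
            for service in services:
                if (user, service) not in approved:
                    findings.append((rule["name"], user, service))
    return findings

if __name__ == "__main__":
    # Hypothetical baseline of approved (user, service) pairs.
    baseline = {("example.user", "sshd"), ("alice", "sshd"), ("alice", "sudo")}
    for finding in unexpected_grants(parse_access_report(SAMPLE_REPORT), baseline):
        print("unapproved access: rule=%s user=%s service=%s" % finding)
```

On a client, the input text would be the captured output of the access-report command; because the report does not track users locked out by the KDC, treat a clean result as a statement about cached rules only.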