SSSD(8) | SSSD Manual pages | SSSD(8) |
NAME¶
sssd - System Security Services DaemonSYNOPSIS¶
sssd [options]
DESCRIPTION¶
SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources as well as D-Bus interface. It is also the basis to provide client auditing and policy services for projects like FreeIPA. It provides a more robust database to store local users as well as extended user data.OPTIONS¶
-d,--debug-level LEVELSSSD supports two representations for specifying the
debug level. The simplest is to specify a decimal value from 0-9, which
represents enabling that level and all lower-level debug messages. The more
comprehensive option is to specify a hexadecimal bitmask to enable or disable
specific levels (such as if you wish to suppress a level).
Currently supported debug levels:
0, 0x0010: Fatal failures. Anything that would prevent SSSD from
starting up or causes it to cease running.
1, 0x0020: Critical failures. An error that doesn't kill the SSSD,
but one that indicates that at least one major feature is not going to work
properly.
2, 0x0040: Serious failures. An error announcing that a particular
request or operation has failed.
3, 0x0080: Minor failures. These are the errors that would
percolate down to cause the operation failure of 2.
4, 0x0100: Configuration settings.
5, 0x0200: Function data.
6, 0x0400: Trace messages for operation functions.
7, 0x1000: Trace messages for internal control functions.
8, 0x2000: Contents of function-internal variables that may be
interesting.
9, 0x4000: Extremely low-level tracing information.
To log required bitmask debug levels, simply add their numbers together as shown
in following examples:
Example: To log fatal failures, critical failures, serious failures and
function data use 0x0270.
Example: To log fatal failures, configuration settings, function data,
trace messages for internal control functions use 0x1310.
Note: The bitmask format of debug levels was introduced in 1.7.0.
Default: 0
--debug-timestamps=mode
1: Add a timestamp to the debug messages
0: Disable timestamp in the debug messages
Default: 1
--debug-microseconds=mode
1: Add microseconds to the timestamp in debug
messages
0: Disable microseconds in timestamp
Default: 0
-f,--debug-to-files
Send the debug output to files instead of stderr. By
default, the log files are stored in /var/log/sssd and there are separate log
files for every SSSD service and domain.
-D,--daemon
Become a daemon after starting up.
-i,--interactive
Run in the foreground, don't become a daemon.
-c,--config
Specify a non-default config file. The default is
/etc/sssd/sssd.conf. For reference on the config file syntax and options,
consult the sssd.conf(5) manual page.
-?,--help
Display help message and exit.
--version
Print version number and exit.
SIGNALS¶
SIGTERM/SIGINTInforms the SSSD to gracefully terminate all of its child
processes and then shut down the monitor.
SIGHUP
Tells the SSSD to stop writing to its current debug file
descriptors and to close and reopen them. This is meant to facilitate log
rolling with programs like logrotate.
SIGUSR1
Tells the SSSD to simulate offline operation for one
minute. This is mostly useful for testing purposes.
SIGUSR2
Tells the SSSD to go online immediately. This is mostly
useful for testing purposes.
NOTES¶
Environment variable SSS_NSS_USE_MEMCACHEIf the environment variable SSS_NSS_USE_MEMCACHE is set
to "NO", client applications will not use the fast in-memory
cache.
Amount of time SSSD spends in offline mode
When SSSD switches to offline mode, the amount of time
before it tries to go back online will increase based upon the time spent
disconnected. This value is in seconds and calculated by the following:
60 + random_offset
The random offset can increment up to 30 seconds. After each unsuccessful
attempt to go online, the new interval is recalculated by the following:
new_interval = old_interval*2 + random_offset
Note that the maximum length of each interval is currently limited to one hour.
If the calculated length of new_interval is greater than an hour, it will be
forced to one hour.
SEE ALSO¶
sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5), sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8), sssd-ifp(5),pam_sss(8).AUTHORS¶
The SSSD upstream - http://fedorahosted.org/sssd01/16/2015 | SSSD |