'\" t
.\"     Title: sss_obfuscate
.\"    Author: The SSSD upstream - https://github.com/SSSD/sssd/
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 04/10/2024
.\"    Manual: SSSD Manual pages
.\"    Source: SSSD
.\"  Language: English
.\"
.TH "SSS_OBFUSCATE" "8" "04/10/2024" "SSSD" "SSSD Manual pages"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
sss_obfuscate \- obfuscate a clear text password
.SH "SYNOPSIS"
.HP \w'\fBsss_obfuscate\fR\ 'u
\fBsss_obfuscate\fR [\fIoptions\fR] \fI[PASSWORD]\fR
.SH "DESCRIPTION"
.PP
\fBsss_obfuscate\fR
converts a given password into human\-unreadable format and places it into appropriate domain section of the SSSD config file\&.
.PP
The cleartext password is read from standard input or entered interactively\&. The obfuscated password is put into
\(lqldap_default_authtok\(rq
parameter of a given SSSD domain and the
\(lqldap_default_authtok_type\(rq
parameter is set to
\(lqobfuscated_password\(rq\&. Refer to
\fBsssd-ldap\fR(5)
for more details on these parameters\&.
.PP
Please note that obfuscating the password provides
\fIno real security benefit\fR
as it is still possible for an attacker to reverse\-engineer the password back\&. Using better authentication mechanisms such as client side certificates or GSSAPI is
\fIstrongly\fR
advised\&.
.SH "OPTIONS"
.PP
\fB\-h\fR,\fB\-\-help\fR
.RS 4
Display help message and exit\&.
.RE
.PP
\fB\-s\fR,\fB\-\-stdin\fR
.RS 4
The password to obfuscate will be read from standard input\&.
.RE
.PP
\fB\-d\fR,\fB\-\-domain\fR \fIDOMAIN\fR
.RS 4
The SSSD domain to use the password in\&. The default name is
\(lqdefault\(rq\&.
.RE
.PP
\fB\-f\fR,\fB\-\-file\fR \fIFILE\fR
.RS 4
Read the config file specified by the positional parameter\&.
.sp
Default:
/etc/sssd/sssd\&.conf
.RE
.SH "SEE ALSO"
.PP
\fBsssd\fR(8),
\fBsssd.conf\fR(5),
\fBsssd-ldap\fR(5),
\fBsssd-ldap-attributes\fR(5),
\fBsssd-krb5\fR(5),
\fBsssd-simple\fR(5),
\fBsssd-ipa\fR(5),
\fBsssd-ad\fR(5),
\fBsssd-files\fR(5),
\fBsssd-sudo\fR(5),
\fBsssd-session-recording\fR(5),
\fBsss_cache\fR(8),
\fBsss_debuglevel\fR(8),
\fBsss_obfuscate\fR(8),
\fBsss_seed\fR(8),
\fBsssd_krb5_locator_plugin\fR(8),
\fBsss_ssh_authorizedkeys\fR(8), \fBsss_ssh_knownhostsproxy\fR(8),
\fBsssd-ifp\fR(5),
\fBpam_sss\fR(8)\&.
\fBsss_rpcidmapd\fR(5)
\fBsssd-systemtap\fR(5)
.SH "AUTHORS"
.PP
\fBThe SSSD upstream \- https://github\&.com/SSSD/sssd/\fR