From Fedora Project Wiki

About this Project

What is SSSD?

SSSD (an acronym for 'System Security Services Daemon') is a Fedora Hosted free software project that aims to provide access to identity and authentication remote resource through a common framework that can provide caching and offline support to the system. It provides PAM and NSS modules, as well as D-BUS based interfaces. It provides also a better database to store local users as well as extended user data.

What is system-config-auth?

System-config-auth is a GUI utility used to set up both local and network authentication (user logins) to the system it runs on. The current legacy UI is very old. SSSD, a new system, is a much better technical solution to managing authentication than the legacy system. However, SSSD does not yet support as many authentication methods as the legacy system.

The legacy system is best classified as a set of cobbled-together technology pieces, while SSSD is more integrated.

What login/authentication methods does SSSD support? What methods are supported by the legacy system?


For looking up user accounts on the network, SSSD supports:

  • LDAP servers (including POSIX-friendly Active Directory servers)
  • IPA servers

NIS will be supported in the future.

For actual authentication, SSSD supports:

  • Kerberos passwords
  • LDAP passwords
  • IPA passwords

Legacy System

The legacy system supports non-POSIX Active Directory servers via Winbind, Hesiod servers, NIS, smartcards, and fingerprint readers.

Current UI

Here is a gallery of the current system-config-authentication UI from Fedora 12, taken 09 February 2010. Note that this UI is quite old, but the 'SSSD settings' tab was added recently as part of the first phase to integrate SSSD into Fedora 12.