sssd - System Security Services Daemon

Property Value
Distribution openSUSE Tumbleweed
Repository openSUSE Oss all
Package filename sssd-2.1.0-1.1.x86_64.rpm
Package name sssd
Package version 2.1.0
Package release 1.1
Package architecture x86_64
Package type rpm
Category System/Daemons
License GPL-3.0+ and LGPL-3.0+
Maintainer -
Download size 1.09 MB
Installed size 4.18 MB
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.


Package Version Architecture Repository
sssd-2.1.0-1.1.i586.rpm 2.1.0 i586 openSUSE Oss
sssd - - -


Name Value - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
pam-config -
sssd-ldap = 2.1.0-1.1


Name Value
config(sssd) = 2.1.0-1.1 - - - - - - - - - - - - - - - - -
libsss_sudo = 2.1.0-1.1 - - -
sssd = 2.1.0-1.1
sssd(x86-64) = 2.1.0-1.1
sssd-client = 2.1.0-1.1


Name Value
libsss_sudo < 2.1.0-1.1


Type URL
Binary Package sssd-2.1.0-1.1.x86_64.rpm
Source Package sssd-2.1.0-1.1.src.rpm

Install Howto

Install sssd rpm package:

# zypper install sssd




2019-03-16 - Jan Engelhardt <>
- Update to new upstream release 2.1.0
* Any provider can now match and map certificates to user
* pam_sss can now be configured to only perform Smart Card
authentication or return an error if this is not possible.
* pam_sss can also prompt the user to insert a Smart Card if,
during an authentication it is not available.
* A new configuration option ad_gpo_implicit_deny was added.
This option (when set to True) can be used to deny access to
users even if there is not applicable GPO.
* The dynamic DNS update can now batch DNS updates to include
all address family updates in a single transaction.
2019-02-20 - Samuel Cabrero <>
- Install systemd service unit file created from source's template
- Install logrotate configuration (bsc#1004220)
- Set journald as system logger
2019-02-15 - Jan Engelhardt <>
- Add krb-noversion.diff so sssd_pac builds even with newer krb.
2018-10-01 -
- Add dependency to adcli for sssd-ad
(SLE15: fate#326619, bsc#1109849)
(SLE12SP4: fate#326620, bsc#1110121)
2018-09-07 - Jan Engelhardt <>
- Update to new upstream release 2.0.0
* The Python API for managing users and groups in local domains
(id_provider=local) was removed completely. The local
provider (id_provider=local) and the command line tools to
manage users and groups in the local domains, such as
sss_useradd is not built anymore.
* The LDAP provider had a special-case branch for evaluating
group memberships with the RFC2307bis schema when group
nesting was explicitly disabled. This codepath is removed.
* The "ldap_sudo_include_regexp" option changed its default
value from true to false. Wildcards in the sudoHost LDAP
attribute are no longer evaluated. This was costly to
evaluate on the LDAP server side and at the same time rarely
* The list of PAM services which are allowed to authenticate
using a Smart Card is now configurable using a new option
2018-08-31 -
- Update to upstream release 1.16.3
* New Features:
* kdcinfo files for informing krb5 about discovered KDCs are
now also generated for trusted domains in setups that use
id_provider=ad and IPA masters in a trust relationship with
an AD domain.
* The Kerberlos locator plugin can now process multiple
address if SSSD generates more than one. A
* Bug fixes:
* Fixed information leak due to incorrect permissions on
/var/lib/sss/pipes/sudo [CVE-2018-10852, bsc#1098377]
* Cached password are now stored with a salt. Old ones will be
regenerated on next authentication, and the auth server needs
to be reachable for that.
* The sss_ssh proces leaked file descriptors when converting
more than one X.509 certificate to an SSH public key.
* The PAC responder is now able to process Domain Local in case
the PAC uses SID compression (Windows Server 2012+).
* Address the issue that some versions of OpenSSH would close
the pipe towards sss_ssh_authorizedkeys when the matching key
is found before the rest of the output is read.
* User lookups no longer fail if user's e-mail address
conflicts with another user's fully qualified name.
* The override_shell and override_homedir options are no longer
applied to entries from the files domain.
* The grace logins with an expired password when authenticating
against certain newer versions of the 389DS/RHDS LDAP server
did not work.
- Removed patches that are included upstream now:
2018-07-01 -
- Fixed patch name.

See Also

Package Description
sssd-32bit-2.1.0-1.1.x86_64.rpm System Security Services Daemon
sssd-ad-2.1.0-1.1.i586.rpm The ActiveDirectory backend plugin for sssd
sssd-ad-2.1.0-1.1.x86_64.rpm The ActiveDirectory backend plugin for sssd
sssd-dbus-2.1.0-1.1.i586.rpm The D-Bus responder of sssd
sssd-dbus-2.1.0-1.1.x86_64.rpm The D-Bus responder of sssd
sssd-ipa-2.1.0-1.1.i586.rpm FreeIPA backend plugin for sssd
sssd-ipa-2.1.0-1.1.x86_64.rpm FreeIPA backend plugin for sssd
sssd-krb5-2.1.0-1.1.i586.rpm The Kerberos authentication backend plugin for sssd
sssd-krb5-2.1.0-1.1.x86_64.rpm The Kerberos authentication backend plugin for sssd
sssd-krb5-common-2.1.0-1.1.i586.rpm SSSD helpers needed for Kerberos and GSSAPI authentication
sssd-krb5-common-2.1.0-1.1.x86_64.rpm SSSD helpers needed for Kerberos and GSSAPI authentication
sssd-ldap-2.1.0-1.1.i586.rpm The LDAP backend plugin for sssd
sssd-ldap-2.1.0-1.1.x86_64.rpm The LDAP backend plugin for sssd
sssd-proxy-2.1.0-1.1.i586.rpm The proxy backend plugin for sssd
sssd-proxy-2.1.0-1.1.x86_64.rpm The proxy backend plugin for sssd