Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SSSD(8)			       SSSD Manual pages		       SSSD(8)

       sssd - System Security Services Daemon

       sssd [options]

       SSSD provides a set of daemons to manage	access to remote directories
       and authentication mechanisms. It provides an NSS and PAM interface
       toward the system and a pluggable backend system	to connect to multiple
       different account sources as well as D-Bus interface. It	is also	the
       basis to	provide	client auditing	and policy services for	projects like
       FreeIPA.	It provides a more robust database to store local users	as
       well as extended	user data.

       -d,--debug-level	LEVEL
	   SSSD	supports two representations for specifying the	debug level.
	   The simplest	is to specify a	decimal	value from 0-9,	which
	   represents enabling that level and all lower-level debug messages.
	   The more comprehensive option is to specify a hexadecimal bitmask
	   to enable or	disable	specific levels	(such as if you	wish to
	   suppress a level).

	   Currently supported debug levels:

	   0, 0x0010: Fatal failures. Anything that would prevent SSSD from
	   starting up or causes it to cease running.

	   1, 0x0020: Critical failures. An error that doesn't kill the	SSSD,
	   but one that	indicates that at least	one major feature is not going
	   to work properly.

	   2, 0x0040: Serious failures.	An error announcing that a particular
	   request or operation	has failed.

	   3, 0x0080: Minor failures. These are	the errors that	would
	   percolate down to cause the operation failure of 2.

	   4, 0x0100: Configuration settings.

	   5, 0x0200: Function data.

	   6, 0x0400: Trace messages for operation functions.

	   7, 0x1000: Trace messages for internal control functions.

	   8, 0x2000: Contents of function-internal variables that may be

	   9, 0x4000: Extremely	low-level tracing information.

	   To log required bitmask debug levels, simply	add their numbers
	   together as shown in	following examples:

	   Example: To log fatal failures, critical failures, serious failures
	   and function	data use 0x0270.

	   Example: To log fatal failures, configuration settings, function
	   data, trace messages	for internal control functions use 0x1310.

	   Note: The bitmask format of debug levels was	introduced in 1.7.0.

	   Default: 0

	   1: Add a timestamp to the debug messages

	   0: Disable timestamp	in the debug messages

	   Default: 1

	   1: Add microseconds to the timestamp	in debug messages

	   0: Disable microseconds in timestamp

	   Default: 0

	   Send	the debug output to files instead of stderr. By	default, the
	   log files are stored	in /var/log/sssd and there are separate	log
	   files for every SSSD	service	and domain.

	   Become a daemon after starting up.

	   Run in the foreground, don't	become a daemon.

	   Specify a non-default config	file. The default is
	   /usr/local/etc/sssd/sssd.conf. For reference	on the config file
	   syntax and options, consult the sssd.conf(5)	manual page.

	   Display help	message	and exit.

	   Print version number	and exit.

	   Informs the SSSD to gracefully terminate all	of its child processes
	   and then shut down the monitor.

	   Tells the SSSD to stop writing to its current debug file
	   descriptors and to close and	reopen them. This is meant to
	   facilitate log rolling with programs	like logrotate.

	   Tells the SSSD to simulate offline operation	for one	minute.	This
	   is mostly useful for	testing	purposes.

	   Tells the SSSD to go	online immediately. This is mostly useful for
	   testing purposes.

       Environment variable SSS_NSS_USE_MEMCACHE
	   If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO",
	   client applications will not	use the	fast in-memory cache.

       Amount of time SSSD spends in offline mode
	   When	SSSD switches to offline mode, the amount of time before it
	   tries to go back online will	increase based upon the	time spent
	   disconnected. This value is in seconds and calculated by the

	   60 +	random_offset

	   The random offset can increment up to 30 seconds. After each
	   unsuccessful	attempt	to go online, the new interval is recalculated
	   by the following:

	   new_interval	= old_interval*2 + random_offset

	   Note	that the maximum length	of each	interval is currently limited
	   to one hour.	If the calculated length of new_interval is greater
	   than	an hour, it will be forced to one hour.

       sssd(8),	sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
       sssd-ipa(5), sssd-ad(5),	sssd-sudo(5), sss_cache(8), sss_debuglevel(8),
       sss_groupadd(8),	sss_groupdel(8), sss_groupshow(8), sss_groupmod(8),
       sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
       sss_ssh_knownhostsproxy(8), sssd-ifp(5),	pam_sss(8).

       The SSSD	upstream -

SSSD				  08/28/2020			       SSSD(8)


Want to link to this manual page? Use this URL:

home | help