1SSSD(8)                        SSSD Manual pages                       SSSD(8)
2
3
4

NAME

6       sssd - System Security Services Daemon
7

SYNOPSIS

9       sssd [options]
10

DESCRIPTION

12       SSSD provides a set of daemons to manage access to remote directories
13       and authentication mechanisms. It provides an NSS and PAM interface
14       toward the system and a pluggable backend system to connect to multiple
15       different account sources as well as D-Bus interface. It is also the
16       basis to provide client auditing and policy services for projects like
17       FreeIPA. It provides a more robust database to store local users as
18       well as extended user data.
19

OPTIONS

21       -d,--debug-level LEVEL
22           SSSD supports two representations for specifying the debug level.
23           The simplest is to specify a decimal value from 0-9, which
24           represents enabling that level and all lower-level debug messages.
25           The more comprehensive option is to specify a hexadecimal bitmask
26           to enable or disable specific levels (such as if you wish to
27           suppress a level).
28
29           Please note that each SSSD service logs into its own log file. Also
30           please note that enabling “debug_level” in the “[sssd]” section
31           only enables debugging just for the sssd process itself, not for
32           the responder or provider processes. The “debug_level” parameter
33           should be added to all sections that you wish to produce debug logs
34           from.
35
36           In addition to changing the log level in the config file using the
37           “debug_level” parameter, which is persistent, but requires SSSD
38           restart, it is also possible to change the debug level on the fly
39           using the sss_debuglevel(8) tool.
40
41           Currently supported debug levels:
42
43           0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44           starting up or causes it to cease running.
45
46           1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47           one that indicates that at least one major feature is not going to
48           work properly.
49
50           2, 0x0040: Serious failures. An error announcing that a particular
51           request or operation has failed.
52
53           3, 0x0080: Minor failures. These are the errors that would
54           percolate down to cause the operation failure of 2.
55
56           4, 0x0100: Configuration settings.
57
58           5, 0x0200: Function data.
59
60           6, 0x0400: Trace messages for operation functions.
61
62           7, 0x1000: Trace messages for internal control functions.
63
64           8, 0x2000: Contents of function-internal variables that may be
65           interesting.
66
67           9, 0x4000: Extremely low-level tracing information.
68
69           To log required bitmask debug levels, simply add their numbers
70           together as shown in following examples:
71
72           Example: To log fatal failures, critical failures, serious failures
73           and function data use 0x0270.
74
75           Example: To log fatal failures, configuration settings, function
76           data, trace messages for internal control functions use 0x1310.
77
78           Note: The bitmask format of debug levels was introduced in 1.7.0.
79
80           Default: 0
81
82       --debug-timestamps=mode
83           1: Add a timestamp to the debug messages
84
85           0: Disable timestamp in the debug messages
86
87           Default: 1
88
89       --debug-microseconds=mode
90           1: Add microseconds to the timestamp in debug messages
91
92           0: Disable microseconds in timestamp
93
94           Default: 0
95
96       -f,--debug-to-files
97           Send the debug output to files instead of stderr. By default, the
98           log files are stored in /var/log/sssd and there are separate log
99           files for every SSSD service and domain.
100
101           This option is deprecated. It is replaced by --logger=files.
102
103       --logger=value
104           Location where SSSD will send log messages. This option overrides
105           the value of the deprecated option --debug-to-files. The deprecated
106           option will still work if the --logger is not used.
107
108           stderr: Redirect debug messages to standard error output.
109
110           files: Redirect debug messages to the log files. By default, the
111           log files are stored in /var/log/sssd and there are separate log
112           files for every SSSD service and domain.
113
114           journald: Redirect debug messages to systemd-journald
115
116           Default: not set
117
118       -D,--daemon
119           Become a daemon after starting up.
120
121       -i,--interactive
122           Run in the foreground, don't become a daemon.
123
124       -c,--config
125           Specify a non-default config file. The default is
126           /etc/sssd/sssd.conf. For reference on the config file syntax and
127           options, consult the sssd.conf(5) manual page.
128
129       -g,--genconf
130           Do not start the SSSD, but refresh the configuration database from
131           the contents of /etc/sssd/sssd.conf and exit.
132
133       -s,--genconf-section
134           Similar to “--genconf”, but only refresh a single section from the
135           configuration file. This option is useful mainly to be called from
136           systemd unit files to allow socket-activated responders to refresh
137           their configuration without requiring the administrator to restart
138           the whole SSSD.
139
140       -?,--help
141           Display help message and exit.
142
143       --version
144           Print version number and exit.
145

SIGNALS

147       SIGTERM/SIGINT
148           Informs the SSSD to gracefully terminate all of its child processes
149           and then shut down the monitor.
150
151       SIGHUP
152           Tells the SSSD to stop writing to its current debug file
153           descriptors and to close and reopen them. This is meant to
154           facilitate log rolling with programs like logrotate.
155
156       SIGUSR1
157           Tells the SSSD to simulate offline operation for the duration of
158           the “offline_timeout” parameter. This is useful for testing. The
159           signal can be sent to either the sssd process or any sssd_be
160           process directly.
161
162       SIGUSR2
163           Tells the SSSD to go online immediately. This is useful for
164           testing. The signal can be sent to either the sssd process or any
165           sssd_be process directly.
166

NOTES

168       If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
169       applications will not use the fast in-memory cache.
170

SEE ALSO

172       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
173       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
174       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
175       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
176       sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8).  sss_rpcidmapd(5)
177       sssd-systemtap(5)
178

AUTHORS

180       The SSSD upstream - https://pagure.io/SSSD/sssd/
181
182
183
184SSSD                              02/26/2020                           SSSD(8)
Impressum