1SSSD(8)                        SSSD Manual pages                       SSSD(8)
2
3
4

NAME

6       sssd - System Security Services Daemon
7

SYNOPSIS

9       sssd [options]
10

DESCRIPTION

12       SSSD provides a set of daemons to manage access to remote directories
13       and authentication mechanisms. It provides an NSS and PAM interface
14       toward the system and a pluggable backend system to connect to multiple
15       different account sources as well as D-Bus interface. It is also the
16       basis to provide client auditing and policy services for projects like
17       FreeIPA. It provides a more robust database to store local users as
18       well as extended user data.
19

OPTIONS

21       -d,--debug-level LEVEL
22           SSSD supports two representations for specifying the debug level.
23           The simplest is to specify a decimal value from 0-9, which
24           represents enabling that level and all lower-level debug messages.
25           The more comprehensive option is to specify a hexadecimal bitmask
26           to enable or disable specific levels (such as if you wish to
27           suppress a level).
28
29           Please note that each SSSD service logs into its own log file. Also
30           please note that enabling “debug_level” in the “[sssd]” section
31           only enables debugging just for the sssd process itself, not for
32           the responder or provider processes. The “debug_level” parameter
33           should be added to all sections that you wish to produce debug logs
34           from.
35
36           In addition to changing the log level in the config file using the
37           “debug_level” parameter, which is persistent, but requires SSSD
38           restart, it is also possible to change the debug level on the fly
39           using the sss_debuglevel(8) tool.
40
41           Currently supported debug levels:
42
43           0, 0x0010: Fatal failures. Anything that would prevent SSSD from
44           starting up or causes it to cease running.
45
46           1, 0x0020: Critical failures. An error that doesn't kill SSSD, but
47           one that indicates that at least one major feature is not going to
48           work properly.
49
50           2, 0x0040: Serious failures. An error announcing that a particular
51           request or operation has failed.
52
53           3, 0x0080: Minor failures. These are the errors that would
54           percolate down to cause the operation failure of 2.
55
56           4, 0x0100: Configuration settings.
57
58           5, 0x0200: Function data.
59
60           6, 0x0400: Trace messages for operation functions.
61
62           7, 0x1000: Trace messages for internal control functions.
63
64           8, 0x2000: Contents of function-internal variables that may be
65           interesting.
66
67           9, 0x4000: Extremely low-level tracing information.
68
69           10, 0x10000: Even more low-level libldb tracing information. Almost
70           never really required.
71
72           To log required bitmask debug levels, simply add their numbers
73           together as shown in following examples:
74
75           Example: To log fatal failures, critical failures, serious failures
76           and function data use 0x0270.
77
78           Example: To log fatal failures, configuration settings, function
79           data, trace messages for internal control functions use 0x1310.
80
81           Note: The bitmask format of debug levels was introduced in 1.7.0.
82
83           Default: 0x0070 (i.e. fatal, critical and serious failures;
84           corresponds to setting 2 in decimal notation)
85
86       --debug-timestamps=mode
87           1: Add a timestamp to the debug messages
88
89           0: Disable timestamp in the debug messages
90
91           Default: 1
92
93       --debug-microseconds=mode
94           1: Add microseconds to the timestamp in debug messages
95
96           0: Disable microseconds in timestamp
97
98           Default: 0
99
100       -f,--debug-to-files
101           Send the debug output to files instead of stderr. By default, the
102           log files are stored in /var/log/sssd and there are separate log
103           files for every SSSD service and domain.
104
105           This option is deprecated. It is replaced by --logger=files.
106
107       --logger=value
108           Location where SSSD will send log messages. This option overrides
109           the value of the deprecated option --debug-to-files. The deprecated
110           option will still work if the --logger is not used.
111
112           stderr: Redirect debug messages to standard error output.
113
114           files: Redirect debug messages to the log files. By default, the
115           log files are stored in /var/log/sssd and there are separate log
116           files for every SSSD service and domain.
117
118           journald: Redirect debug messages to systemd-journald
119
120           Default: not set
121
122       -D,--daemon
123           Become a daemon after starting up.
124
125       -i,--interactive
126           Run in the foreground, don't become a daemon.
127
128       -c,--config
129           Specify a non-default config file. The default is
130           /etc/sssd/sssd.conf. For reference on the config file syntax and
131           options, consult the sssd.conf(5) manual page.
132
133       -g,--genconf
134           Do not start the SSSD, but refresh the configuration database from
135           the contents of /etc/sssd/sssd.conf and exit.
136
137       -s,--genconf-section
138           Similar to “--genconf”, but only refresh a single section from the
139           configuration file. This option is useful mainly to be called from
140           systemd unit files to allow socket-activated responders to refresh
141           their configuration without requiring the administrator to restart
142           the whole SSSD.
143
144       -?,--help
145           Display help message and exit.
146
147       --version
148           Print version number and exit.
149

SIGNALS

151       SIGTERM/SIGINT
152           Informs the SSSD to gracefully terminate all of its child processes
153           and then shut down the monitor.
154
155       SIGHUP
156           Tells the SSSD to stop writing to its current debug file
157           descriptors and to close and reopen them. This is meant to
158           facilitate log rolling with programs like logrotate.
159
160       SIGUSR1
161           Tells the SSSD to simulate offline operation for the duration of
162           the “offline_timeout” parameter. This is useful for testing. The
163           signal can be sent to either the sssd process or any sssd_be
164           process directly.
165
166       SIGUSR2
167           Tells the SSSD to go online immediately. This is useful for
168           testing. The signal can be sent to either the sssd process or any
169           sssd_be process directly.
170

NOTES

172       If the environment variable SSS_NSS_USE_MEMCACHE is set to "NO", client
173       applications will not use the fast in-memory cache.
174

SEE ALSO

176       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
177       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
178       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
179       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
180       sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8).  sss_rpcidmapd(5)
181       sssd-systemtap(5)
182

AUTHORS

184       The SSSD upstream - https://github.com/SSSD/sssd/
185
186
187
188SSSD                              02/19/2021                           SSSD(8)
Impressum