1SSS_OBFUSCATE(8) SSSD Manual pages SSS_OBFUSCATE(8)
2
6 sss_obfuscate - obfuscate a clear text password
7
9 sss_obfuscate [options] [PASSWORD]
10
12 sss_obfuscate converts a given password into human-unreadable format
13 and places it into appropriate domain section of the SSSD config file.
14 The cleartext password is read from standard input or entered
16 interactively. The obfuscated password is put into
17 “ldap_default_authtok” parameter of a given SSSD domain and the
18 “ldap_default_authtok_type” parameter is set to “obfuscated_password”.
19 Refer to sssd-ldap(5) for more details on these parameters.
20 Please note that obfuscating the password provides no real security
22 benefit as it is still possible for an attacker to reverse-engineer the
23 password back. Using better authentication mechanisms such as client
24 side certificates or GSSAPI is strongly advised.
25
27 -h,--help
28 Display help message and exit.
29 -s,--stdin
31 The password to obfuscate will be read from standard input.
32 -d,--domain DOMAIN
34 The SSSD domain to use the password in. The default name is
35 “default”.
36 -f,--file FILE
38 Read the config file specified by the positional parameter.
39 Default: /etc/sssd/sssd.conf
41
43 sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
44 sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
45 recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
46 sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
47 sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8). sss_rpcidmapd(5)
48 sssd-systemtap(5)
49
51 The SSSD upstream - https://github.com/SSSD/sssd/
52SSSD 02/19/2021 SSS_OBFUSCATE(8)