1SSSD_KRB5_LOCALAUTH_(8)        SSSD Manual pages       SSSD_KRB5_LOCALAUTH_(8)
2
3
4

NAME

6       sssd_krb5_localauth_plugin - Kerberos local authorization plugin
7

DESCRIPTION

9       The Kerberos local authorization plugin sssd_krb5_localauth_plugin is
10       used by libkrb5 to either find the local name for a given Kerberos
11       principal or to check if a given local name and a given Kerberos
12       principal relate to each other.
13
14       SSSD handles the local names for users from a remote source and can
15       read the Kerberos user principal name from the remote source as well.
16       With this information SSSD can easily handle the mappings mentioned
17       above even if the local name and the Kerberos principal differ
18       considerably.
19
20       Additionally with the information read from the remote source SSSD can
21       help to prevent unexpected or unwanted mappings in case the user part
22       of the Kerberos principal accidentally corresponds to a local name of a
23       different user. By default libkrb5 might just strip the realm part of
24       the Kerberos principal to get the local name which would lead to wrong
25       mappings in this case.
26

CONFIGURATION

28       The Kerberos local authorization plugin must be enabled explicitly in
29       the Kerberos configuration, see krb5.conf(5). SSSD will create a config
30       snippet with the content like e.g.
31
32           [plugins]
33            localauth = {
34             module = sssd:/usr/lib64/sssd/modules/sssd_krb5_localauth_plugin.so
35            }
36
37       automatically in the SSSD's public Kerberos configuration snippet
38       directory. If this directory is included in the local Kerberos
39       configuration the plugin will be enabled automatically.
40

SEE ALSO

42       sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5),
43       sssd-ipa(5), sssd-ad(5), sssd-files(5), sssd-sudo(5), sssd-session-
44       recording(5), sss_cache(8), sss_debuglevel(8), sss_obfuscate(8),
45       sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8),
46       sss_ssh_knownhostsproxy(8), sssd-ifp(5), pam_sss(8).  sss_rpcidmapd(5)
47       sssd-systemtap(5)
48

AUTHORS

50       The SSSD upstream - https://github.com/SSSD/sssd/
51
52
53
54SSSD                              12/09/2022           SSSD_KRB5_LOCALAUTH_(8)
Impressum