
7.2. SSSD

SSSD (System Security Services Daemon) offers access to remote identity and authentication mechanisms, referred to as providers. These providers plug in as SSSD back-ends, which abstracts the local and network identity and authentication sources and allows any kind of identity data provider to be used. A domain is a database containing user information, which may serve as the source of a provider's identity information. Multiple identity providers are supported, allowing two or more identity servers to act as separate user namespaces. Collected information is available to applications on the front-end through standard PAM and NSS interfaces.
SSSD runs as a suite of services, independent of the applications that use it. Those applications therefore no longer need to make their own connections to remote domains, or even be aware of which domain is being used. Robust local caching of identity and group membership information allows operations regardless of where identity comes from (e.g., LDAP, NIS, IPA, DB, Samba), offers improved performance, and allows authentication to be performed even when the system is offline and online authentication is unavailable. SSSD also allows the use of multiple providers of the same type (e.g., multiple LDAP providers) and allows domain-qualified identity requests to be resolved by those different providers. Further details can be found in the Red Hat Enterprise Linux 6 Deployment Guide.
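
The following sssd.conf is an added example, not taken from the original guide, showing two LDAP providers configured as separate domains with domain-qualified names and offline credential caching. The domain names, server URIs, search bases and CA path are placeholder assumptions.

```ini
# /etc/sssd/sssd.conf
# All domain names, hostnames, search bases and paths below are placeholders.

[sssd]
config_file_version = 2
# Front-end responders that expose SSSD data to applications
services = nss, pam
# Each entry names a [domain/...] section; domains are queried in this order
domains = CORP, LAB

[nss]
# Never resolve local privileged accounts through a remote provider
filter_users = root
filter_groups = root

[pam]
# Days a cached credential stays usable for offline login after the
# last successful online login (0 means no limit)
offline_credentials_expiration = 3

[domain/CORP]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.corp.example.com
ldap_search_base = dc=corp,dc=example,dc=com
# Require a valid server certificate signed by the listed CA
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/example-ca.pem
# Keep a hash of the password in the local cache so that
# authentication still works when the LDAP server is unreachable
cache_credentials = True
# Users in this domain must be requested as name@CORP
use_fully_qualified_names = True

[domain/LAB]
# Second provider of the same type, acting as a separate user namespace
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap.lab.example.com
ldap_search_base = dc=lab,dc=example,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/example-ca.pem
# No credential cache: identity lookups may be served from cache,
# but offline authentication is not possible for this domain
cache_credentials = False
use_fully_qualified_names = True
```

With this configuration, a constructed user `alice` present on both servers is resolved separately as `alice@CORP` and `alice@LAB` (for example with `getent passwd alice@CORP`). SSSD refuses to start unless sssd.conf is owned by root with mode 0600.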