we run various centos releases from 5.4 to 6.5. some of the early os releases packages from rhel is pretty old, older than LTM by looks of it. what would be general rule of thumb for the sssd version? run two separate latest custom version per 5 and 6? my main focus with sssd would be to ensure ldap connectivty via SRV + off auth while ldap is not available. Not sure when SRV support was introduced and how stable it is. your feedback is much appreciates.