SSSD publicity problem

Stephen Gallagher sgallagh at
Mon Apr 12 17:46:18 UTC 2010

Hash: SHA1

On 04/12/2010 01:35 PM, Stephen John Smoogen wrote:
> On Mon, Apr 12, 2010 at 11:13 AM, Stephen Gallagher <sgallagh at> wrote:
> I'm trying to figure out how to do a little PR around the SSSD (the
> System Security Services Daemon). I've been tracking mentions of it
> around the web with Google Alerts and in the last few weeks, there have
> been several dozen hits... all in the Ubuntu context -_-
> So I'm looking for advice on how to draw attention to the fact that this
> is a Fedora project. And moreover, works better on Fedora, since we have
> authconfig making setup a breeze.
> The SSSD is an advertised Feature for Fedora 13:
> My main concern is that most of the chatter that Google Alerts has been
> picking up have been leading back to blogs written about the Ubuntu
> package of SSSD (which is an older version than what is available in
> Fedora and also has no UI for configuring it).
>> Ok lets look at the following:

>> 1) What does it do?
We're targeting it as a replacement for nss_ldap, pam_ldap and pam_krb5.
The main idea is that it handles cached authentication. It's target is
mainly for larger Fedora deployments that use centralized
authentication. Within this group, there are two main use-cases we're
1) Laptop users. With the SSSD, there's no longer a need to maintain a
separate local user account. You will be able to sign in with your
centrally-managed account even when not connected to the LDAP/Kerberos
server. The SSSD caches credentials so that if the server is
unavailable, the user can still gain access to their local machine.
2) Datacenter servers that rely on LDAP and/or Kerberos for
authentication will be able to survive authentication outages.

>> 2) How does it work?
Quite well, thank you :)

>> 3) Why should I be excited about it?
In the case of a laptop user, no more managing two sets of passwords to
get into your system. Plus, with Kerberos, if you log in online, it will
automatically use your login credentials to acquire your Kerberos
ticket-granting ticket for access to network credentials. (And if you're
offline, integration with krb5-auth-dialog will make sure you can easily
acquire that ticket when you go online)

>> 4) Can we make a video that shows this all to put up on the tubes somewhere.
I'm not sure what we can do for a video. I suppose we could record a
Fedora 13 install, setting up the SSSD with authconfig during firstboot
and then demonstrating how it works by simulating offline behavior with
'service [network|Network Manager] stop'

> I've written the occasional blog post about SSSD, but they don't seem to
> get picked up and reprinted in nearly as many places as the Ubuntu blogs
> do. I'd really like for us to find a way to clue people in that the SSSD
> is, first and foremost, a Fedora project.
- --
marketing mailing list
marketing at

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the marketing mailing list