RHEL8 Identity



  • SSSD connects a Linux system to central identity stores (IdM, AD, LDAP)
  • All information is cached locally for offline use
  • Advanced integration with IdM and AD, integration with Linux (SUDO, SELinux, 2FA)

Modules Evolution

  • pam_pkcs11 is abandoned (upstream decision)
  • nss_ldap & pam_ldap will be removed in the next major release; bug fixes only in RHEL 8
  • SSSD introduces the Kerberos Credential Manager service
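
To find configuration that still depends on these modules before an upgrade, an audit along the following lines can be run against a host or a copy of its /etc. This is an added example, not part of the original page; the function names and the sample tree are made up for illustration, and it assumes that an `ldap` source on the passwd, group or shadow lines of nsswitch.conf means nss_ldap-style lookups.

```shell
#!/bin/sh
# Added example: report PAM/NSS configuration that still uses the legacy
# modules listed above. Pass the directory that contains a copy of etc/;
# with no argument the live system is scanned.

# Print "file:line:module" for non-comment PAM lines loading pam_pkcs11/pam_ldap.
scan_pam() {
    local f
    for f in "${1:-}"/etc/pam.d/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }
            match($0, /pam_(pkcs11|ldap)\.so/) {
                printf "%s:%d:%s\n", file, NR, substr($0, RSTART, RLENGTH - 3)
            }' "$f"
    done
}

# Print "file:line:nss_ldap" where passwd/group/shadow use the "ldap" source
# (assumption: that source means an nss_ldap-style module, not SSSD's "sss").
scan_nss() {
    local f="${1:-}/etc/nsswitch.conf"
    [ -f "$f" ] || return 0
    awk -v file="$f" '
        { sub(/#.*/, "") }
        $1 ~ /^(passwd|group|shadow):$/ {
            for (i = 2; i <= NF; i++)
                if ($i == "ldap") printf "%s:%d:nss_ldap\n", file, NR
        }' "$f"
}

# Return 0 when nothing is found, 1 (and print the findings) otherwise.
audit_legacy_auth() {
    local findings
    findings=$(scan_pam "${1:-}"; scan_nss "${1:-}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not real host data) showing the output format.
demo=$(mktemp -d) && mkdir -p "$demo/etc/pam.d"
printf 'auth sufficient pam_ldap.so use_first_pass\nauth required pam_deny.so\n' \
    > "$demo/etc/pam.d/system-auth"
printf 'passwd: files ldap\nhosts: files dns\n' > "$demo/etc/nsswitch.conf"
audit_legacy_auth "$demo" || echo "legacy modules still configured"
rm -rf "$demo"
```

The non-zero return on findings lets the function gate an upgrade or provisioning job.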


  • authselect: brand new tool replacing authconfig
    • Main motivation: the administrator no longer builds a PAM stack with a tool (potentially ending up with a broken configuration), but instead selects a tested PAM profile
    • Other motivations: authconfig was a dated component (initiated back in 1999), with no Python 3 support and a deprecated GUI (Python 2.7 reaches end of support in 2020)
  • Benefits
    • Properly tested profiles – lower risk of lockout
    • Clarity and quality – profiles are easy to read, modify and test
    • Custom profiles – allows administrator to create and ship own profiles in /etc/authselect/custom
    • Smaller footprint, written in C
  • Scope: configures authentication and identity resources
    • Generates /etc/nsswitch.conf and PAM configuration from selected profile
    • Does not configure the PAM modules themselves; that is done by ipa-client-install, realmd or Ansible
  • Compatibility: for applications, scripts and kickstarts that were relying on authconfig, there is now a wrapper around authselect
    • It translates calls to authconfig into calls to authselect
    • Not all options are supported but the main ones are