NAME¶
sss_obfuscate - obfuscate a clear text password
SYNOPSIS¶
sss_obfuscate
[ options] [PASSWORD]
DESCRIPTION¶
sss_obfuscate converts a given password into human-unreadable format and
places it into appropriate domain section of the SSSD config file.
The cleartext password is read from standard input or entered interactively. The
obfuscated password is put into “ldap_default_authtok” parameter
of a given SSSD domain and the “ldap_default_authtok_type”
parameter is set to “obfuscated_password”. Refer to
sssd-ldap(5) for more details on these parameters.
Please note that obfuscating the password provides
no real security
benefit as it is still possible for an attacker to reverse-engineer the
password back. Using better authentication mechanisms such as client side
certificates or GSSAPI is
strongly advised.
OPTIONS¶
-h,
--help
Display help message and exit.
-s,
--stdin
The password to obfuscate will be read from
standard input.
-d,
--domain DOMAIN
The SSSD domain to use the password in. The
default name is “default”.
-f,
--file FILE
Read the config file specified by the
positional parameter.
Default: /etc/sssd/sssd.conf
SEE ALSO¶
sssd(8),
sssd.conf(5),
sssd-ldap(5),
sssd-krb5(5),
sssd-simple(5),
sssd-ipa(5),
sssd-ad(5),
sssd-sudo(5),
sss_cache(8),
sss_debuglevel(8),
sss_groupadd(8),
sss_groupdel(8),
sss_groupshow(8),
sss_groupmod(8),
sss_useradd(8),
sss_userdel(8),
sss_usermod(8),
sss_obfuscate(8),
sss_seed(8),
sssd_krb5_locator_plugin(8),
sss_ssh_authorizedkeys(8),
sss_ssh_knownhostsproxy(8),
sssd-ifp(5),
pam_sss(8).
AUTHORS¶
The SSSD upstream - http://fedorahosted.org/sssd
