From 766fb1c67f0b0cef0734756704d603df7d322a4c Mon Sep 17 00:00:00 2001

From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>

Date: Wed, 26 Sep 2018 13:32:31 +0200

Subject: [PATCH 16/16] sssd: document that this profile can be used also with

 sssd disabled

https://github.com/pbrezina/authselect/issues/99

---

 profiles/sssd/README | 14 ++++++++++++--

 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/profiles/sssd/README b/profiles/sssd/README

index 42293ab39c628c285921b8b47c4a763fd0215472..c597afecff112e8af7905de9b6a8db77d5c3227c 100644

--- a/profiles/sssd/README

+++ b/profiles/sssd/README

@@ -1,5 +1,5 @@

-Enable SSSD for system authentication

-=====================================

+Enable SSSD for system authentication (also for local users only)

+=================================================================

 Selecting this profile will enable SSSD as the source of identity

 and authentication providers.

@@ -12,6 +12,16 @@ to connect to multiple different account sources.

 More information about SSSD can be found on its project page:

 https://pagure.io/SSSD/sssd

+By default, local users are served from SSSD rather then local files if SSSD

+is enabled (however they authenticate via pam_unix). This have a performance

+benefit since SSSD caches the files content in fast in-memory cache and thus

+reduces number of disk operations.

+

+However, if you do not want to keep SSSD running on your machine, you can

+keep this profile selected and just disable SSSD service. The resulting

+configuration will still work correctly even with SSSD disabled and local users

+and groups will be read from local files directly.

+

 SSSD CONFIGURATION

 ------------------

-- 

2.17.1