by bangboombang 2321 days ago
It sounds like enterprisey RedHat trash. Probably for better Active Directory integration, hence only CIFS is mentioned but not NFS.

And they might actually achieve this there, since SSSD is another abomination that kinda does that and mostly works, but once it doesn't and you try to debug it, you want to stab yourself in the brain with a dumb object.

For any other distro, I very much hope this thing is not enabled or even installed by default. Since I don't get the complaints about ecryptfs. I've been using it since around 2012 on multiple machines, multiple dist-upgrades and password changes and it never failed me once. Oh and SSHing into the machine works as expected!

1 comments

What is wrong with SSSD? Granted I have never used AD, but I have a domain set up with FreeIPA and it just works for the most part. The logs are pretty detailed when the rare issue comes up, and being Kerberos based 80% of the time it's a time sync issue.

There have been several issues over time. My general problem with it was complexity. What finally broke the camel's back for me was that for unexplained reasons, sssd stayed in "offline mode" after system standby for 30-60 seconds. We could validate that the network connection was back up after max. 5 seconds, but there was no way to get this thing to go online again. So basically we had to tell our users that they won't be able to log in after system standby for a minute or so.

This was impossible to debug. You could send some signal (USR1 or 2 iirc) to sssd to force it into online mode, we even tried a crude script that would run after system resume and spam sssd with that signal for a minute to no avail. Shortly after I left that department the decision was made to move to Centrify. It's a pita in other ways apparently, but everything I know about it is just from hearsay from old colleagues anyways.