|SSS_OBFUSCATE(8)||SSSD Manual pages||SSS_OBFUSCATE(8)|
sss_obfuscate [options] [PASSWORD]
The cleartext password is read from standard input or entered interactively. The obfuscated password is put into “ldap_default_authtok” parameter of a given SSSD domain and the “ldap_default_authtok_type” parameter is set to “obfuscated_password”. Refer to sssd-ldap(5) for more details on these parameters.
Please note that obfuscating the password provides no real security benefit as it is still possible for an attacker to reverse-engineer the password back. Using better authentication mechanisms such as client side certificates or GSSAPI is strongly advised.