diff --git a/Makefile.am b/Makefile.am
index 661e9447d5..fb5482f101 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3963,6 +3963,7 @@ endif
init_SCRIPTS =
systemdunit_DATA =
systemdconf_DATA =
+sssd_dependent_services =
if HAVE_SYSTEMD_UNIT
systemdunit_DATA += \
src/sysv/systemd/sssd.service \
@@ -3974,11 +3975,15 @@ if HAVE_SYSTEMD_UNIT
src/sysv/systemd/sssd-secrets.socket \
src/sysv/systemd/sssd-secrets.service \
$(NULL)
+
+sssd_dependent_services += sssd-nss.socket sssd-pam.socket
if BUILD_AUTOFS
systemdunit_DATA += \
src/sysv/systemd/sssd-autofs.socket \
src/sysv/systemd/sssd-autofs.service \
$(NULL)
+
+sssd_dependent_services += sssd-autofs.socket
endif
if BUILD_IFP
systemdunit_DATA += \
@@ -3990,18 +3995,24 @@ if BUILD_PAC_RESPONDER
src/sysv/systemd/sssd-pac.socket \
src/sysv/systemd/sssd-pac.service \
$(NULL)
+
+sssd_dependent_services += sssd-pac.socket
endif
if BUILD_SSH
systemdunit_DATA += \
src/sysv/systemd/sssd-ssh.socket \
src/sysv/systemd/sssd-ssh.service \
$(NULL)
+
+sssd_dependent_services += sssd-ssh.socket
endif
if BUILD_SUDO
systemdunit_DATA += \
src/sysv/systemd/sssd-sudo.socket \
src/sysv/systemd/sssd-sudo.service \
$(NULL)
+
+sssd_dependent_services += sssd-sudo.socket
endif
if WITH_JOURNALD
systemdconf_DATA += \
@@ -4044,7 +4055,8 @@ edit_cmd = $(SED) \
-e 's|@libexecdir[@]|$(libexecdir)|g' \
-e 's|@pipepath[@]|$(pipepath)|g' \
-e 's|@prefix[@]|$(prefix)|g' \
- -e 's|@SSSD_USER[@]|$(SSSD_USER)|g'
+ -e 's|@SSSD_USER[@]|$(SSSD_USER)|g' \
+ -e 's|@sssd_dependent_services[@]|${sssd_dependent_services}|g'
replace_script = \
@rm -f $@ $@.tmp; \
diff --git a/src/man/sssd-sudo.5.xml b/src/man/sssd-sudo.5.xml
index 5bc56c4633..cb085419ab 100644
--- a/src/man/sssd-sudo.5.xml
+++ b/src/man/sssd-sudo.5.xml
@@ -110,8 +110,7 @@ ldap_sudo_search_base = ou=sudoers,dc=example,dc=com
It's important to note that on platforms where systemd is supported
there's no need to add the "sudo" provider to the list of services,
- as it became optional. However, sssd-sudo.socket must be enabled
- instead.
+ as it became optional.
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index cb608cb0ac..9a9eb542c4 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -218,9 +218,10 @@
- By default, all services are disabled and the administrator
- must enable the ones allowed to be used by executing:
- "systemctl enable sssd-@service@.socket".
+ By default, all services are enabled.
+ In case the Administrator wants to persistently disable
+ one of them, it can be done by running:
+ "systemctl mask sssd-@service@.socket"
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
index 05cfd37050..9264d4b06d 100644
--- a/src/sysv/systemd/sssd.service.in
+++ b/src/sysv/systemd/sssd.service.in
@@ -2,7 +2,7 @@
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
Before=systemd-user-sessions.service nss-user-lookup.target
-Wants=nss-user-lookup.target
+Wants=nss-user-lookup.target @sssd_dependent_services@
[Service]
EnvironmentFile=-@environment_file@