diff --git a/security/sssd2/Makefile b/security/sssd2/Makefile
new file mode 100644
index 0000000..168154d
--- /dev/null
+++ b/security/sssd2/Makefile
@@ -0,0 +1,201 @@
+PORTNAME=	sssd
+PORTVERSION=	2.9.4
+PORTREVISION=	5
+CATEGORIES=	security
+PKGNAMESUFFIX=	2
+
+MAINTAINER=	jhixson@FreeBSD.org
+COMMENT=	System Security Services Daemon
+WWW=		https://sssd.io/
+
+LICENSE=	GPLv3+
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+CONFLICTS_INSTALL?=	sssd*
+
+BUILD_DEPENDS=	bash:shells/bash \
+		docbook-xsl>=1:textproc/docbook-xsl \
+		krb5>=1.20:security/krb5 \
+		p11-kit:security/p11-kit \
+		nsupdate:dns/bind-tools \
+		xmlcatalog:textproc/libxml2 \
+		xmlcatmgr:textproc/xmlcatmgr \
+		xsltproc:textproc/libxslt
+
+LIB_DIRS+=	${LOCALBASE}/lib ${LOCALBASE}/lib/sasl2
+LIB_DEPENDS=	libcares.so:dns/c-ares \
+		libcom_err.so:security/krb5 \
+		libcurl.so:ftp/curl \
+		libdbus-1.so:devel/dbus \
+		libdhash.so:devel/ding-libs \
+		libfido2.so:security/libfido2 \
+		libgssapi_krb5.so:security/krb5 \
+		libinotify.so:devel/libinotify \
+		libjansson.so:devel/jansson \
+		libjose.so:net/jose \
+		libkrb5.so:security/krb5 \
+		libldb.so:databases/ldb22 \
+		libndr-krb5pac.so:net/samba416 \
+		libndr-nbt.so:net/samba416 \
+		libndr-standard.so:net/samba416 \
+		libndr.so:net/samba416 \
+		libnfs.so:net/libnfs \
+		libnss3.so:security/nss \
+		libp11-kit.so:security/p11-kit \
+		libpcre2-posix.so:devel/pcre2 \
+		libplds4.so:devel/nspr \
+		libpopt.so:devel/popt \
+		libsamba-util.so:net/samba416 \
+		libsasl2.so:security/cyrus-sasl2 \
+		libsmbclient.so:net/samba416 \
+		libtalloc.so:devel/talloc \
+		libtdb.so:databases/tdb \
+		libtevent.so:devel/tevent \
+		libunistring.so:devel/libunistring \
+		libuuid.so:misc/e2fsprogs-libuuid
+
+RUN_DEPENDS=	cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi
+
+USES=	autoreconf cpe gettext gmake gssapi:bootstrap,flags,mit iconv ldap \
+	libtool localbase:ldflags pathfix pkgconfig python:3.9+ shebangfix ssl
+
+USE_LDCONFIG=	yes
+GNU_CONFIGURE=	yes
+
+INSTALL_TARGET=	install-strip
+CPE_VENDOR=	fedoraproject
+
+DEBUG_FLAGS=	-g
+STRIP=
+
+CONFIGURE_ARGS=	--disable-dependency-tracking \
+		--datadir=${DATADIR} \
+		--docdir=${DOCSDIR} \
+		--localstatedir=/var \
+		--disable-silent-rules \
+		--disable-nls \
+		--disable-cifs-idmap-plugin \
+		--disable-valgrind \
+		--disable-systemtap \
+		--enable-pammoddir=${PREFIX}/lib \
+		--enable-ldb-version-check \
+		--enable-pac-responder \
+		--with-db-path=/var/db/sss/db \
+		--with-os=freebsd \
+		--with-plugin-path=${LOCALBASE}/lib/sssd \
+		--with-pubconf-path=/var/db/sss/pubconf  \
+		--with-pid-path=/var/run \
+		--with-pipe-path=/var/run/sss/pipes \
+		--with-mcache-path=/var/db/sss/mc \
+		--with-environment-file=${LOCALBASE}/etc/sssd \
+		--with-init-dir=no \
+		--with-manpages \
+		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
+		--with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \
+		--with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \
+		--with-krb5-conf=/etc/krb5.conf \
+		--without-python2-bindings \
+		--with-winbind-plugin-path=${LOCALBASE}/lib/samba4/modules/idmap \
+		--without-selinux \
+		--with-gpo-cache-path=/var/db/sss/gpo_cache  \
+		--without-semanage \
+		--with-app-libs=${LOCALBASE}/lib/sssd/modules \
+		--without-autofs \
+		--with-files-provider \
+		--with-passkey \
+		--with-libsifp \
+		--without-libsifp \
+		--with-syslog=syslog \
+		--with-samba \
+		--without-nfsv4-idmapd-plugin \
+		--with-nfs-lib-path=${LOCALBASE}/lib \
+		--with-secrets-db-path=/var/lib/sss/secrets \
+		--with-kcm \
+		--with-oidc-child \
+		--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
+		--with-smb-idmap-interface-version=6 \
+		--without-libnl \
+		--with-nscd-conf=/etc/nscd.conf \
+		--with-python_prefix=${PREFIX} \
+		--with-unicode-lib=libunistring
+
+CFLAGS+=	-fstack-protector-all
+CFLAGS+=	-I${LOCALBASE}/include/samba4
+
+LIBS+=	-L${LOCALBASE}/lib \
+	-L${LOCALBASE}/lib/samba4/private \
+	-L${LOCALBASE}/lib/sasl2  \
+	-linotify -lintl
+
+KRB5_HOME=	${LOCALBASE}
+KRB5_CONFIG=	${LOCALBASE}/bin/krb5-config
+KRB5_CFLAGS=	-I${LOCALBASE}/include
+KRB5_LIBS=	-L${LOCALBAse}/lib -lkrb5 -lk5crypto -lcom_err
+
+GSSAPI_KRB5_CFLAGS=	-I${LOCALBASE}/include
+GSSAPI_KRB5_LIBS=	-L${LOCALBASE}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
+
+LDFLAGS+=	-lgssapi
+LDFLAGS_SL+=	-lgssapi
+
+INCLUDES+=	-I${LOCALBASE}/include
+CONFIGURE_ENV+=	INCLUDES="${INCLUDES}" \
+		LDFLAGS_SL="${LDFLAGS_SL}"
+MAKE_ENV=	MAKELEVEL=0
+
+PLIST_SUB=	PYTHON_VER=${PYTHON_VER}
+MAKE_ENV+=	LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW"
+SUB_FILES=	pkg-message
+
+BINARY_ALIAS=	python3=python${PYTHON_VER}
+SHEBANG_FILES=	sbus_generate.sh.in \
+		src/tools/analyzer/sss_analyze \
+		src/tools/sss_obfuscate \
+		src/config/SSSDConfigTest.py \
+		src/tests/python-test.py \
+		src/tests/pysss-test.py \
+		src/tests/cwrap/cwrap_test_setup.sh \
+		src/tests/whitespace_test \
+		src/tests/pyhbac-test.py \
+		src/tests/multihost/data/memcachesize.py \
+		src/tests/double_semicolon_test \
+		src/tests/pysss_murmur-test.py \
+		scripts/release.sh \
+		contrib/git/pre-push \
+		contrib/ci/rpm-spec-builddeps \
+		contrib/ci/clean \
+		contrib/ci/valgrind-condense \
+		contrib/ci/run-multihost \
+		contrib/ci/run \
+		contrib/ci/get-matrix.py \
+		contrib/vagrant/bootstrap.sh \
+		contrib/fedora/make_srpm.sh
+
+USE_RC_SUBR=	${PORTNAME}
+
+USE_GITHUB=yes
+GH_ACCOUNT=sssd
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \
+		-e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \
+		${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \
+		${WRKSRC}/src/man/po/*.po || true
+	@${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \
+		-e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \
+		${WRKSRC}/src/man/*xml || true
+	@${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h
+	@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
+		${STAGEDIR}${ETCDIR}/sssd.conf.sample
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d
+	${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \
+		${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services
+	${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \
+		${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+	${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1
+
+.include <bsd.port.mk>
diff --git a/security/sssd2/pkg-plist b/security/sssd2/pkg-plist
new file mode 100644
index 0000000..f28c117
--- /dev/null
+++ b/security/sssd2/pkg-plist
@@ -0,0 +1,163 @@
+bin/sss_ssh_authorizedkeys
+bin/sss_ssh_knownhostsproxy
+etc/pam.d/sssd-shadowutils
+%%ETCDIR%%/sssd.conf.sample
+include/ipa_hbac.h
+include/sss_certmap.h
+include/sss_idmap.h
+include/sss_nss_idmap.h
+lib/krb5/plugins/authdata/sssd_pac_plugin.so
+lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
+lib/libipa_hbac.so
+lib/libipa_hbac.so.0
+lib/libipa_hbac.so.0.1.0
+lib/libnss_sss.so.2
+lib/libsss_certmap.so
+lib/libsss_certmap.so.0
+lib/libsss_certmap.so.0.2.0
+lib/libsss_idmap.so
+lib/libsss_idmap.so.0
+lib/libsss_idmap.so.0.5.1
+lib/libsss_nss_idmap.so
+lib/libsss_nss_idmap.so.0
+lib/libsss_nss_idmap.so.0.6.0
+lib/libsss_sudo.so
+lib/nss_sss.so.1
+lib/pam_sss.so
+lib/pam_sss_gss.so
+%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.4-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__%%PYTHON_EXT_SUFFIX%%.pyc
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf%%PYTHON_EXT_SUFFIX%%.pyc
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/sssdoptions%%PYTHON_EXT_SUFFIX%%.pyc
+%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
+%%PYTHON_SITELIBDIR%%/SSSDConfig/sssdoptions.py
+%%PYTHON_SITELIBDIR%%/pyhbac.so
+%%PYTHON_SITELIBDIR%%/pysss.so
+%%PYTHON_SITELIBDIR%%/pysss_murmur.so
+%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
+%%PYTHON_SITELIBDIR%%/sssd/__init__.py
+%%PYTHON_SITELIBDIR%%/sssd/modules/__init__.py
+%%PYTHON_SITELIBDIR%%/sssd/modules/request.py
+%%PYTHON_SITELIBDIR%%/sssd/parser.py
+%%PYTHON_SITELIBDIR%%/sssd/source_files.py
+%%PYTHON_SITELIBDIR%%/sssd/source_journald.py
+%%PYTHON_SITELIBDIR%%/sssd/source_reader.py
+%%PYTHON_SITELIBDIR%%/sssd/sss_analyze.py
+lib/samba4/modules/idmap/sss.so
+lib/shared-modules/ldb/memberof.so
+lib/sssd/conf/sssd.conf
+lib/sssd/libifp_iface.so
+lib/sssd/libifp_iface_sync.so
+lib/sssd/libsss_ad.so
+lib/sssd/libsss_cert.so
+lib/sssd/libsss_child.so
+lib/sssd/libsss_crypt.so
+lib/sssd/libsss_debug.so
+lib/sssd/libsss_files.so
+lib/sssd/libsss_iface.so
+lib/sssd/libsss_iface_sync.so
+lib/sssd/libsss_ipa.so
+lib/sssd/libsss_krb5.so
+lib/sssd/libsss_krb5_common.so
+lib/sssd/libsss_ldap.so
+lib/sssd/libsss_ldap_common.so
+lib/sssd/libsss_proxy.so
+lib/sssd/libsss_sbus.so
+lib/sssd/libsss_sbus_sync.so
+lib/sssd/libsss_semanage.so
+lib/sssd/libsss_simple.so
+lib/sssd/libsss_util.so
+lib/sssd/modules/sssd_krb5_idp_plugin.so
+lib/sssd/modules/sssd_krb5_localauth_plugin.so
+lib/sssd/modules/sssd_krb5_passkey_plugin.so
+libdata/pkgconfig/ipa_hbac.pc
+libdata/pkgconfig/sss_certmap.pc
+libdata/pkgconfig/sss_idmap.pc
+libdata/pkgconfig/sss_nss_idmap.pc
+libexec/sssd/gpo_child
+libexec/sssd/krb5_child
+libexec/sssd/ldap_child
+libexec/sssd/oidc_child
+libexec/sssd/p11_child
+libexec/sssd/passkey_child
+libexec/sssd/proxy_child
+libexec/sssd/sss_analyze
+libexec/sssd/sss_signal
+libexec/sssd/sssd_be
+libexec/sssd/sssd_ifp
+libexec/sssd/sssd_kcm
+libexec/sssd/sssd_nss
+libexec/sssd/sssd_pac
+libexec/sssd/sssd_pam
+libexec/sssd/sssd_ssh
+libexec/sssd/sssd_sudo
+man/man1/sss_ssh_authorizedkeys.1.gz
+man/man1/sss_ssh_knownhostsproxy.1.gz
+man/man5/sss-certmap.5.gz
+man/man5/sssd-ad.5.gz
+man/man5/sssd-files.5.gz
+man/man5/sssd-ifp.5.gz
+man/man5/sssd-ipa.5.gz
+man/man5/sssd-krb5.5.gz
+man/man5/sssd-ldap-attributes.5.gz
+man/man5/sssd-ldap.5.gz
+man/man5/sssd-session-recording.5.gz
+man/man5/sssd-simple.5.gz
+man/man5/sssd-sudo.5.gz
+man/man5/sssd.conf.5.gz
+man/man8/idmap_sss.8.gz
+man/man8/pam_sss.8.gz
+man/man8/pam_sss_gss.8.gz
+man/man8/sss_cache.8.gz
+man/man8/sss_debuglevel.8.gz
+man/man8/sss_obfuscate.8.gz
+man/man8/sss_override.8.gz
+man/man8/sss_seed.8.gz
+man/man8/sssctl.8.gz
+man/man8/sssd-kcm.8.gz
+man/man8/sssd.8.gz
+man/man8/sssd_krb5_localauth_plugin.8.gz
+man/man8/sssd_krb5_locator_plugin.8.gz
+sbin/sss_cache
+sbin/sss_debuglevel
+sbin/sss_obfuscate
+sbin/sss_override
+sbin/sss_seed
+sbin/sssctl
+sbin/sssd
+share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+%%DATADIR%%/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+%%DATADIR%%/sssd-kcm/kcm_default_ccache
+%%DATADIR%%/sssd/cfg_rules.ini
+%%DATADIR%%/sssd/krb5-snippets/enable_sssd_conf_dir
+%%DATADIR%%/sssd/krb5-snippets/sssd_enable_idp
+%%DATADIR%%/sssd/krb5-snippets/sssd_enable_passkey
+%%DATADIR%%/sssd/sssd.api.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-files.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf
+@dir %%ETCDIR%%/conf.d
+@dir %%ETCDIR%%/pki
+@dir lib/ldb
+@dir /var/db/sss/db
+@dir /var/db/sss/deskprofile
+@dir /var/db/sss/gpo_cache
+@dir /var/db/sss/keytabs
+@dir /var/db/sss/mc
+@dir /var/db/sss/pubconf/krb5.include.d
+@dir /var/db/sss/pubconf
+@dir /var/db/sss
+@dir /var/lib/sss/secrets
+@dir /var/lib/sss
+@dir /var/lib
+@dir /var/log/sssd
+@dir /var/run/sss/pipes/private
+@dir /var/run/sss/pipes
+@dir /var/run/sss